Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The first few milliseconds of HTTPS

Joshua Thijssen
January 08, 2014
0
210

The first few milliseconds of HTTPS

What happens when your browser connects to a HTTPS secure site? We all know it has to do something with certificates, blue and green address bars and sometimes your browser will give warnings which we normally click away. But what actually happens under the hood? In this talk I will give a step-by-step explanation on the first few hundred milliseconds during a connection to HTTPS. We will talk about master secrets, shared secrets, cipher suites, x509 certificates and why secure does not (always) mean secure. After this talk you not only can use HTTPS correctly, but also understand their basic foundations as well.

Joshua Thijssen

January 08, 2014
Tweet

More Decks by Joshua Thijssen

See All by Joshua Thijssen
RAFT: A story on how clusters of computers keep your data in sync
jaytaph
0
30
The first few milliseconds of HTTPS
jaytaph
0
170
Paradoxes and theorems every developer should know
jaytaph
0
220
Paradoxes and theorems every developer should know
jaytaph
0
520
The first few milliseconds of HTTPS - PHPNW16
jaytaph
1
170
compiler_-_php010.pdf
jaytaph
0
80
Paradoxes and theorems every developer should know
jaytaph
0
190
Introduction into interpreters, compilers and JIT
jaytaph
1
220
Paradoxes and theorems every developer should know
jaytaph
1
830

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
The Pragmatic Product Professional
lauravandoore
31
6.3k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Optimizing for Happiness
mojombo
376
70k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
2k
Designing for Performance
lara
604
68k
How to train your dragon (web standard)
notwaldorf
88
5.7k
We Have a Design System, Now What?
morganepeng
50
7.2k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k

Transcript

  1. The first 200 milliseconds of HTTPS 1 Joshua Thijssen jaytaph

  2. 2 Joshua Thijssen Freelance consultant, developer and trainer @ NoxLogic

    Founder of the Dutch Web Alliance Development in PHP, Python, C, Java. Lead developer of Saffire. Blog: http://adayinthelifeof.nl Email: [email protected] Twitter: @jaytaph

  3. ➡ What’s happening in the first 200+ milliseconds on a

    HTTPS connection. ➡ Give tips and hints on hardening your setup. ➡ Give you insights in new and upcoming technologies. ➡ Show you things to you (probably) didn’t knew. 3

  4. This talk is inspired by a blogpost from Jeff Moser

    http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html Unknown fact! 4

  5. TCP/IP 5

  6. TCP IP 6 Network Layer Transport Layer

  7. TCP IP 7 Network Layer Transport Layer HTTP Application Layer

  8. 8 HTTPS is not a protocol Unknown fact!

  9. RFC 2818 (7 page RFC) 9

  10. 2. HTTP Over TLS Conceptually, HTTP/TLS is very simple. Simply

    use HTTP over TLS precisely as you would use HTTP over TCP. 10

  11. HTTPS is the same as HTTP Transport layer differs 11

  12. So this is a talk about TLS 12

  13. Transport Layer Security 13

  14. TCP IP 14 Network Layer Transport Layer HTTP Application Layer

    TLS Session Layer HTTPS

  15. Port 80: http Port 443: https 15

  16. You CAN run HTTP and TLS simultaneously over one port.

    16 Unknown fact!

  17. TLS can be used for transporting other protocols as well

    (IMAP, SMTP etc) 17 Unknown fact!

  18. Secure Socket Layer (SSL) 18 A short and scary history

  19. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 19

  20. https://www.trustworthyinternet.org/ssl-pulse/ Supported versions - november 2013 25,7% 99,6% 99,3% 18,2%

    20,7% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 20

  21. RFC 5246 (TLS v1.2) 21

  22. ➡ Binary protocol - so no quick telnet-to-see-if-it-works* ➡ Different

    records ➡ Handshake protocol ➡ Alert protocol ➡ ChangeCipherSpec protocol ➡ Application protocol 22 * We can with openssl

  23. 23 https://github.com/vincentbernat/rfc5077/blob/master/ssl-handshake.svg

  24. Attention: (live) wiresharking up ahead 24

  25. 25

  26. 26

  27. Generating randomness is HARD 27

  28. entropy (uncertainty) 28

  29. TIME is NOT random thus not a very good entropy

    source 29

  30. PHP is bad when it comes to entropy 30 Unknown

    fact!

  31. srand(microtime()) 31 Unknown fact!

  32. rand() mt_rand() uniqid() 32

  33. openssl_pseudo_random_bytes() read from /dev/random read from /dev/urandom Use a HRNG

    “A million random digits” https://github.com/ircmaxell/RandomLib 33

  34. 34

  35. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 35

  36. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Used for exchanging key information

    Used for authenticating key information Used for message authenticating Actual cipher (and length) used for communication Block cipher mode 36

  37. TLS_RSA_WITH_AES_256_CBC_SHA256 37

  38. TLS_NULL_WITH_NULL_NULL 38

  39. Client gives cipher options, Server ultimately decides on cipher! 39

  40. THIS IS WHY YOU SHOULD ALWAYS CONFIGURE YOUR CIPHERS ON

    YOUR WEBSERVER! 40 Unknown fact!

  41. SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384

    \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; Apache Nginx 41 https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

  42. https://www.ssllabs.com/ssltest/ 42

  43. 43

  44. 44

  45. 45

  46. SSL Certificates (X.509) 46

  47. 47

  48. 48 ➡ X.509 Certificate ➡ Owner info (who is this

    owner) ➡ Domain info (for which domain(s) is this certificate valid) ➡ Expiry info (from when to when is this certificate valid)

  49. ➡ But.. what if somebody is lying in their SSL

    certificate? ➡ Changing some data in the certificate? 49

  50. 50

  51. 51 github.com Root CA Intermediate CA

  52. 52 IMPLIED TRU$T

  53. ➡ (Root) Certificate Authorities ➡ They are built into your

    browser / OS and you will automatically trust them. 53

  54. 54 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |

    sort | uniq | wc -l 174

  55. ➡ We are forced to trust companies that make a

    living on selling as many certificates as possible.. ➡ It’s a flawed system, but the best we have :( 55

  56. 56

  57. 57

  58. Generation of (lots of) secrets 58

  59. PRE MASTER SECRET 59

  60. 60 Pre Master Secret Random Server Number Random Client Number

    + + Master Secret =

  61. 61 MASTER SECRET client write MAC client write KEY client

    write IV server write MAC server write KEY server write IV

  62. https://github.com/jaytaph/TLS-decoder 62 http://www.adayinthelifeof.nl/2013/12/30/decoding-tls-with-php/ Try it yourself, php style:

  63. 63

  64. 64

  65. 65

  66. 66

  67. 67 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE

    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415

  68. 68 launchctl setenv SSLKEYLOGFILE /tmp/keylog.secret on a mac:

  69. 69

  70. ➡ TLS overhead ➡ Initial handshake (costly) ➡ 5+X bytes

    overhead 1 byte content-type, 2 byte TLS version, 2 byte data length, X bytes HMAC ➡ Encrypting / Decrypting ➡ HMAC integrity check 70

  71. ➡ Some ciphersuites are better, but slower ➡ Speed /

    Security compromise 71

  72. 72 PRE MASTER SECRET

  73. What if somebody* got hold of the site private key?

    73

  74. 74

  75. 75

  76. 76

  77. 77 Playing the waiting game...

  78. 78

  79. 79

  80. (PERFECT) FORWARDING SECRECY 80

  81. Compromising the pre-master secret does not compromise our communication. 81

  82. PFS: Can’t compromise other keys with a compromised key. 82

  83. Unfortunately.. 83

  84. 84 PFS needs server AND browser support

  85. 85 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  86. 86 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  87. All bets are of when using MS and Apple. 87

  88. Update your cipher suite list and place PFS ciphers at

    the top 88

  89. But beware: heavy computations 89

  90. 90 SSL Test https://www.ssllabs.com/ssltest/

  91. -ETOOMUCHINFO 91

  92. 92 https://www.ssllabs.com/projects/best-practices/index.html

  93. http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 93

  94. 94 Find me on twitter: @jaytaph Find me for development

    and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl http://joind.in/10397

  95. 95