Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The first few milliseconds of HTTPS

Joshua Thijssen
January 08, 2014
0
180

The first few milliseconds of HTTPS

What happens when your browser connects to a HTTPS secure site? We all know it has to do something with certificates, blue and green address bars and sometimes your browser will give warnings which we normally click away. But what actually happens under the hood? In this talk I will give a step-by-step explanation on the first few hundred milliseconds during a connection to HTTPS. We will talk about master secrets, shared secrets, cipher suites, x509 certificates and why secure does not (always) mean secure. After this talk you not only can use HTTPS correctly, but also understand their basic foundations as well.

Joshua Thijssen

January 08, 2014
Tweet

More Decks by Joshua Thijssen

See All by Joshua Thijssen
RAFT: A story on how clusters of computers keep your data in sync
jaytaph
0
26
The first few milliseconds of HTTPS
jaytaph
0
160
Paradoxes and theorems every developer should know
jaytaph
0
190
Paradoxes and theorems every developer should know
jaytaph
0
430
The first few milliseconds of HTTPS - PHPNW16
jaytaph
1
160
compiler_-_php010.pdf
jaytaph
0
75
Paradoxes and theorems every developer should know
jaytaph
0
170
Introduction into interpreters, compilers and JIT
jaytaph
1
160
Paradoxes and theorems every developer should know
jaytaph
1
750

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Embracing the Ebb and Flow
colly
80
4.1k
Product Roadmaps are Hard
iamctodd
44
9.7k
A better future with KSS
kneath
231
16k
Bash Introduction
62gerente
604
210k
Music & Morning Musume
bryan
41
5.6k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
241
1.2M
Atom: Resistance is Futile
akmur
259
25k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k

Transcript

  1. The first 200 milliseconds of HTTPS 1 Joshua Thijssen jaytaph

  2. 2 Joshua Thijssen Freelance consultant, developer and trainer @ NoxLogic

    Founder of the Dutch Web Alliance Development in PHP, Python, C, Java. Lead developer of Saffire. Blog: http://adayinthelifeof.nl Email: [email protected] Twitter: @jaytaph

  3. ➡ What’s happening in the first 200+ milliseconds on a

    HTTPS connection. ➡ Give tips and hints on hardening your setup. ➡ Give you insights in new and upcoming technologies. ➡ Show you things to you (probably) didn’t knew. 3

  4. This talk is inspired by a blogpost from Jeff Moser

    http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html Unknown fact! 4

  5. TCP/IP 5

  6. TCP IP 6 Network Layer Transport Layer

  7. TCP IP 7 Network Layer Transport Layer HTTP Application Layer

  8. 8 HTTPS is not a protocol Unknown fact!

  9. RFC 2818 (7 page RFC) 9

  10. 2. HTTP Over TLS Conceptually, HTTP/TLS is very simple. Simply

    use HTTP over TLS precisely as you would use HTTP over TCP. 10

  11. HTTPS is the same as HTTP Transport layer differs 11

  12. So this is a talk about TLS 12

  13. Transport Layer Security 13

  14. TCP IP 14 Network Layer Transport Layer HTTP Application Layer

    TLS Session Layer HTTPS

  15. Port 80: http Port 443: https 15

  16. You CAN run HTTP and TLS simultaneously over one port.

    16 Unknown fact!

  17. TLS can be used for transporting other protocols as well

    (IMAP, SMTP etc) 17 Unknown fact!

  18. Secure Socket Layer (SSL) 18 A short and scary history

  19. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 19

  20. https://www.trustworthyinternet.org/ssl-pulse/ Supported versions - november 2013 25,7% 99,6% 99,3% 18,2%

    20,7% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 20

  21. RFC 5246 (TLS v1.2) 21

  22. ➡ Binary protocol - so no quick telnet-to-see-if-it-works* ➡ Different

    records ➡ Handshake protocol ➡ Alert protocol ➡ ChangeCipherSpec protocol ➡ Application protocol 22 * We can with openssl

  23. 23 https://github.com/vincentbernat/rfc5077/blob/master/ssl-handshake.svg

  24. Attention: (live) wiresharking up ahead 24

  25. 25

  26. 26

  27. Generating randomness is HARD 27

  28. entropy (uncertainty) 28

  29. TIME is NOT random thus not a very good entropy

    source 29

  30. PHP is bad when it comes to entropy 30 Unknown

    fact!

  31. srand(microtime()) 31 Unknown fact!

  32. rand() mt_rand() uniqid() 32

  33. openssl_pseudo_random_bytes() read from /dev/random read from /dev/urandom Use a HRNG

    “A million random digits” https://github.com/ircmaxell/RandomLib 33

  34. 34

  35. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 35

  36. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Used for exchanging key information

    Used for authenticating key information Used for message authenticating Actual cipher (and length) used for communication Block cipher mode 36

  37. TLS_RSA_WITH_AES_256_CBC_SHA256 37

  38. TLS_NULL_WITH_NULL_NULL 38

  39. Client gives cipher options, Server ultimately decides on cipher! 39

  40. THIS IS WHY YOU SHOULD ALWAYS CONFIGURE YOUR CIPHERS ON

    YOUR WEBSERVER! 40 Unknown fact!

  41. SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384

    \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; Apache Nginx 41 https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

  42. https://www.ssllabs.com/ssltest/ 42

  43. 43

  44. 44

  45. 45

  46. SSL Certificates (X.509) 46

  47. 47

  48. 48 ➡ X.509 Certificate ➡ Owner info (who is this

    owner) ➡ Domain info (for which domain(s) is this certificate valid) ➡ Expiry info (from when to when is this certificate valid)

  49. ➡ But.. what if somebody is lying in their SSL

    certificate? ➡ Changing some data in the certificate? 49

  50. 50

  51. 51 github.com Root CA Intermediate CA

  52. 52 IMPLIED TRU$T

  53. ➡ (Root) Certificate Authorities ➡ They are built into your

    browser / OS and you will automatically trust them. 53

  54. 54 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |

    sort | uniq | wc -l 174

  55. ➡ We are forced to trust companies that make a

    living on selling as many certificates as possible.. ➡ It’s a flawed system, but the best we have :( 55

  56. 56

  57. 57

  58. Generation of (lots of) secrets 58

  59. PRE MASTER SECRET 59

  60. 60 Pre Master Secret Random Server Number Random Client Number

    + + Master Secret =

  61. 61 MASTER SECRET client write MAC client write KEY client

    write IV server write MAC server write KEY server write IV

  62. https://github.com/jaytaph/TLS-decoder 62 http://www.adayinthelifeof.nl/2013/12/30/decoding-tls-with-php/ Try it yourself, php style:

  63. 63

  64. 64

  65. 65

  66. 66

  67. 67 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE

    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415

  68. 68 launchctl setenv SSLKEYLOGFILE /tmp/keylog.secret on a mac:

  69. 69

  70. ➡ TLS overhead ➡ Initial handshake (costly) ➡ 5+X bytes

    overhead 1 byte content-type, 2 byte TLS version, 2 byte data length, X bytes HMAC ➡ Encrypting / Decrypting ➡ HMAC integrity check 70

  71. ➡ Some ciphersuites are better, but slower ➡ Speed /

    Security compromise 71

  72. 72 PRE MASTER SECRET

  73. What if somebody* got hold of the site private key?

    73

  74. 74

  75. 75

  76. 76

  77. 77 Playing the waiting game...

  78. 78

  79. 79

  80. (PERFECT) FORWARDING SECRECY 80

  81. Compromising the pre-master secret does not compromise our communication. 81

  82. PFS: Can’t compromise other keys with a compromised key. 82

  83. Unfortunately.. 83

  84. 84 PFS needs server AND browser support

  85. 85 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  86. 86 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  87. All bets are of when using MS and Apple. 87

  88. Update your cipher suite list and place PFS ciphers at

    the top 88

  89. But beware: heavy computations 89

  90. 90 SSL Test https://www.ssllabs.com/ssltest/

  91. -ETOOMUCHINFO 91

  92. 92 https://www.ssllabs.com/projects/best-practices/index.html

  93. http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 93

  94. 94 Find me on twitter: @jaytaph Find me for development

    and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl http://joind.in/10397

  95. 95