The first few milliseconds of HTTPS

AmsterdamPHP meetup

Joshua Thijssen

January 16, 2014

Transcript

  1. Joshua Thijssen: freelance consultant, developer and trainer @ NoxLogic. Founder of the Dutch Web Alliance. Development in PHP, Python, C, Java. Lead developer of Saffire.
     Blog: http://adayinthelifeof.nl Email: [email protected] Twitter: @jaytaph
  5. ➡ What’s happening in the first 200+ milliseconds on an HTTPS connection.
     ➡ Give tips and hints on hardening your setup.
     ➡ Give you insights into new and upcoming technologies.
     ➡ Show you things you (probably) didn’t know.
  6. This talk is inspired by a blog post from Jeff Moser: http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
     Unknown fact!
  10. Timeline, from then to now:
      ➡ 1994: SSL 1.0 (Vaporware)
      ➡ feb 1995: SSL 2.0 (Not-so-secure-socket-layer)
      ➡ jun 1996: SSL 3.0 (Something stable!)
      ➡ jan 1999: TLS 1.0 (SSL 3.1)
      ➡ apr 2006: TLS 1.1
      ➡ aug 2008: TLS 1.2
  12. ➡ Binary protocol - so no quick telnet-to-see-if-it-works*
      ➡ Difficult algorithms and handshakes
      ➡ (Easy) extendible
      * We can with openssl
  19. ➡ SNI (Server Name Indication)
      ➡ Extension 0x0000
      ➡ Supported by pretty much every decent browser / server.
      ➡ Isn’t supported by: IE6, Win XP, Blackberry, Android 2.x
      ➡ So no worries!
  23. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      ➡ ECDHE: used for exchanging key information
      ➡ ECDSA: used for authenticating key information
      ➡ AES_128: actual cipher (and length) used for communication
      ➡ GCM: block cipher mode
      ➡ SHA256: used for message authentication
  24. Apache:

        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
        EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
        EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

      Nginx:

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
        EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
        EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

      Source: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
  33. What an SSL certificate is NOT:
      ➡ An SSL certificate (but an X.509 certificate)
      ➡ Automatically secure
      ➡ Automatically trustworthy
      ➡ In any way better than self-signed certificates
      ➡ Cheap
  37. What an SSL certificate is:
      ➡ The best way (but not perfect) to prove authenticity
      ➡ A way to bootstrap encrypted communication
      ➡ Misleading
      ➡ (Too) Expensive
  40. ➡ X.509 Certificate
      ➡ Owner info (who is this owner)
      ➡ Domain info (for which domain(s) is this certificate valid)
      ➡ Expiry info (from when to when is this certificate valid)
  42. ➡ (Root) Certificate Authorities
      ➡ They are built into your browser / OS and you will automatically trust them.
  47. Generating secrets:
      ➡ pre master secret + server rand + client rand -> master secret
      ➡ master secret + server rand + client rand -> key buffer
      ➡ key buffer -> client MAC, client KEY, client IV, server MAC, server KEY, server IV
  53. Unknown fact! Wireshark CAN decrypt your HTTPS traffic: SSLKEYLOGFILE
      https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
  55. ➡ TLS has overhead in computation and transfers. But definitely worth it.
      ➡ Some ciphersuites are better, but slower
      ➡ Speed / Security compromise
  61. ➡ Unless you have good reasons not to, get the cheapest certificate possible.
      ➡ Add the HTTP Strict Transport Security header.
      ➡ Don’t support SSLv3 or older
      ➡ Support PFS
      ➡ Check through https://ssllabs.com/ssltest
  62. Find me on twitter: @jaytaph
      Find me for development and training: www.noxlogic.nl
      Find me on email: [email protected]
      Find me for blogs: www.adayinthelifeof.nl
      http://joind.in/10397
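
The "Generating secrets" slide, and the reason one SSLKEYLOGFILE line is enough for Wireshark to decrypt a captured session, worked through as an added Python example that is not part of the original deck. It assumes TLS 1.2 with the SHA-256 PRF of RFC 5246 and no extended master secret; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash of RFC 5246 section 5 with HMAC-SHA256 (the TLS 1.2 default)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master: bytes, client_rand: bytes, server_rand: bytes) -> bytes:
    # pre master secret + client rand + server rand -> 48-byte master secret
    return p_sha256(pre_master, b"master secret" + client_rand + server_rand, 48)

def key_block(master: bytes, client_rand: bytes, server_rand: bytes,
              mac_len: int = 0, key_len: int = 16, iv_len: int = 4) -> dict:
    # Default sizes fit AES_128_GCM (AEAD, so no MAC keys); CBC+HMAC suites
    # pass a non-zero mac_len. The seed order flips here: server rand first.
    layout = [("client MAC", mac_len), ("server MAC", mac_len),
              ("client KEY", key_len), ("server KEY", key_len),
              ("client IV", iv_len), ("server IV", iv_len)]
    buf = p_sha256(master, b"key expansion" + server_rand + client_rand,
                   sum(n for _, n in layout))
    keys, pos = {}, 0
    for name, n in layout:  # slice the key buffer in RFC 5246 section 6.3 order
        keys[name] = buf[pos:pos + n]
        pos += n
    return keys

def master_from_keylog(line: str, client_rand: bytes) -> Optional[bytes]:
    # NSS key log format: "CLIENT_RANDOM <client random hex> <master secret hex>"
    parts = line.split()
    if len(parts) == 3 and parts[0] == "CLIENT_RANDOM" \
            and bytes.fromhex(parts[1]) == client_rand:
        return bytes.fromhex(parts[2])
    return None

# Constructed sample values, not taken from a real handshake.
PRE_MASTER = bytes(range(48))
CLIENT_RAND = b"\xc1" * 32
SERVER_RAND = b"\x5e" * 32

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RAND, SERVER_RAND)
    log_line = f"CLIENT_RANDOM {CLIENT_RAND.hex()} {ms.hex()}"
    logged = master_from_keylog(log_line, CLIENT_RAND)
    for name, value in key_block(logged, CLIENT_RAND, SERVER_RAND).items():
        print(f"{name}: {value.hex() or '(unused by AEAD suites)'}")
```

Both randoms travel in cleartext in the ClientHello and ServerHello, so the logged master secret is the only missing input; a key log file deserves the same protection as a private key.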