Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The first few milliseconds of HTTPS

Joshua Thijssen
January 24, 2014
0
290

The first few milliseconds of HTTPS

Joshua Thijssen

January 24, 2014
Tweet

More Decks by Joshua Thijssen

See All by Joshua Thijssen
RAFT: A story on how clusters of computers keep your data in sync
jaytaph
0
26
The first few milliseconds of HTTPS
jaytaph
0
160
Paradoxes and theorems every developer should know
jaytaph
0
190
Paradoxes and theorems every developer should know
jaytaph
0
420
The first few milliseconds of HTTPS - PHPNW16
jaytaph
1
160
compiler_-_php010.pdf
jaytaph
0
74
Paradoxes and theorems every developer should know
jaytaph
0
170
Introduction into interpreters, compilers and JIT
jaytaph
1
160
Paradoxes and theorems every developer should know
jaytaph
1
750

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.5k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
How GitHub (no longer) Works
holman
304
140k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Faster Mobile Websites
deanohume
299
30k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
17
1.4k
BBQ
matthewcrist
80
8.8k
A Philosophy of Restraint
colly
197
16k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
A designer walks into a library…
pauljervisheath
200
23k
Statistics for Hackers
jakevdp
789
220k

Transcript

  1. The first 200 milliseconds of HTTPS 1 Joshua Thijssen jaytaph

  2. ➡ What’s happening in the first 200+ milliseconds on a

    HTTPS connection. ➡ Give tips and hints on hardening your setup. ➡ Give you insights in new and upcoming technologies. ➡ Show you things to you (probably) didn’t knew. 2

  3. This talk is inspired by a blogpost from Jeff Moser

    http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html Unknown fact! 3

  4. HTTPwut? 4

  5. HTTP over TLS 5 Transport Layer Security

  6. Secure Socket Layer (SSL) 6 A short and scary history

  7. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 7

  8. https://www.trustworthyinternet.org/ssl-pulse/ Supported versions - november 2013 25,7% 99,6% 99,3% 18,2%

    20,7% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 8 borked meh ok

  9. RFC 5246 (TLS v1.2) 9

  10. ➡ Binary protocol - so no quick telnet-to-see-if-it-works* ➡ Difficult

    algorithms and handshakes ➡ (Easy) extendible 10 * We can with openssl

  11. 11 https://github.com/vincentbernat/rfc5077/blob/master/ssl-handshake.svg

  12. Attention: (live) wiresharking up ahead 12

  13. 13

  14. 14

  15. Generating randomness is HARD 15

  16. entropy (uncertainty) 16

  17. TIME is NOT random thus not a very good entropy

    source 17

  18. PHP is bad when it comes to entropy 18 Unknown

    fact!

  19. srand(microtime()) 19 Unknown fact!

  20. openssl_pseudo_random_bytes() read from /dev/(u)random Use a HRNG “A million random

    digits” https://github.com/ircmaxell/RandomLib 20

  21. 21

  22. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 22

  23. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Used for exchanging key information

    Used for authenticating key information Used for message authenticating Actual cipher (and length) used for communication Block cipher mode 23

  24. TLS_RSA_WITH_AES_256_CBC_SHA256 24

  25. TLS_NULL_WITH_NULL_NULL 25

  26. Client gives cipher options, Server ultimately decides on cipher! 26

  27. THIS IS WHY YOU SHOULD ALWAYS CONFIGURE YOUR CIPHERS ON

    YOUR WEBSERVER! 27 Unknown fact!

  28. SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384

    \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; Apache Nginx 28 https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

  29. https://www.ssllabs.com/ssltest/ 29

  30. 30

  31. 31

  32. 32 ➡ SNI (Server Name Indication) ➡ Extension 0x0000 ➡

    Pretty much every decent browser / server. ➡ Isn’t supported by: IE6, Win XP, Blackberry, Android 2.x ➡ So no worries!

  33. 33

  34. 34

  35. 35

  36. 36

  37. What an SSL certificate is NOT: 37 ➡ SSL certificate

    (but a X.509 certificate) ➡ Automatically secure ➡ Automatically trustworthy ➡ In any way better self-signed certificates ➡ Cheap

  38. What an SSL certificate is: 38 ➡ The best way

    (but not perfect) to prove authenticity ➡ A way to bootstrap encrypted communication ➡ Misleading ➡ (Too) Expensive

  39. 39 ➡ X.509 Certificate ➡ Owner info (who is this

    owner) ➡ Domain info (for which domain(s) is this certificate valid) ➡ Expiry info (from when to when is this certificate valid)

  40. 40

  41. 41 yourdomain.com Root CA Intermediate CA

  42. 42 IMPLIED TRU$T

  43. ➡ (Root) Certificate Authorities ➡ They are built into your

    browser / OS and you will automatically trust them. 43

  44. 44 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |

    sort | uniq | wc -l 174

  45. 45

  46. 46

  47. 47 pre master secret server rand client rand master secret

    client MAC client KEY client IV server MAC server KEY server IV master secret server rand client rand key buffer Generating secrets: + + + +

  48. 48

  49. 49

  50. 50

  51. 51

  52. 52

  53. 53 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE

    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415

  54. 54 launchctl setenv SSLKEYLOGFILE /tmp/keylog.secret on a mac:

  55. 55

  56. ➡ TLS has overhead in computation and transfers. But definitely

    worth it. ➡ Some ciphersuites are better, but slower ➡ Speed / Security compromise ➡ (try: “openssl speed”) 56

  57. Are we safe yet? 57

  58. euh,.. no :/ 58

  59. 59 PRE MASTER SECRET

  60. What if somebody* got hold of the site private key?

    60

  61. 61

  62. 62

  63. 63

  64. 64 Playing the waiting game...

  65. 65

  66. 66

  67. (PERFECT) FORWARDING SECRECY 67

  68. Compromising the pre-master secret does not compromise our communication. 68

  69. PFS: Can’t compromise other keys with a compromised key. 69

  70. Unfortunately.. 70

  71. 71 PFS needs server AND browser support

  72. 72 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  73. 73 http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html

  74. All bets are of when using MS and Apple. 74

  75. Update your cipher suite list and place PFS ciphers at

    the top 75

  76. But beware: heavy computations 76

  77. 77 SSL Test https://www.ssllabs.com/ssltest/

  78. -ETOOMUCHINFO 78

  79. 79 ➡ Unless you got good reasons not to, get

    the cheapest certificate possible. ➡ Add the HTTP Strict Transport Security header. ➡ Don’t support SSLv3 or older ➡ Support PFS ➡ Check through https://ssllabs.com/ssltest

  80. 80 https://www.ssllabs.com/projects/best-practices/index.html

  81. http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 81

  82. 82 Find me on twitter: @jaytaph Find me for development

    and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl http://joind.in/10292

  83. 83