Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The first few milliseconds of HTTPS

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Joshua Thijssen Joshua Thijssen
July 01, 2017
290
0

The first few milliseconds of HTTPS

Avatar for Joshua Thijssen

Joshua Thijssen

July 01, 2017

More Decks by Joshua Thijssen

See All by Joshua Thijssen
RAFT: A story on how clusters of computers keep your data in sync
Avatar for Joshua Thijssen jaytaph
0
71
Paradoxes and theorems every developer should know
Avatar for Joshua Thijssen jaytaph
0
340
Paradoxes and theorems every developer should know
Avatar for Joshua Thijssen jaytaph
0
780
The first few milliseconds of HTTPS - PHPNW16
Avatar for Joshua Thijssen jaytaph
1
280
compiler_-_php010.pdf
Avatar for Joshua Thijssen jaytaph
0
150
Paradoxes and theorems every developer should know
Avatar for Joshua Thijssen jaytaph
0
290
Introduction into interpreters, compilers and JIT
Avatar for Joshua Thijssen jaytaph
1
370
Paradoxes and theorems every developer should know
Avatar for Joshua Thijssen jaytaph
1
970
Are you out of memory, or have plenty to spare?
Avatar for Joshua Thijssen jaytaph
0
260

Featured

See All Featured
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
770
Building the Perfect Custom Keyboard
Avatar for Naoto Takai takai
2
780
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
16k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
41
2.5k
A Soul's Torment
Avatar for Nat Ma seathinner
6
2.9k
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.3k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
27k
The agentic SEO stack - context over prompts
Avatar for schlessera schlessera
0
790
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
280
Color Theory Basics | Prateek | Gurzu
Avatar for Gurzu gurzu
0
350
Ten Tips & Tricks for a 🌱 transition
Avatar for Manu Carrasco Molina stuffmc
0
130
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
480

Transcript

  1. The first few milliseconds of HTTPS 1 Joshua Thijssen JayTaph

  2. 2

  3. ➡ What’s happening in the first 200+ milliseconds in a

    initial HTTPS connection. 2

  4. ➡ What’s happening in the first 200+ milliseconds in a

    initial HTTPS connection. ➡ Give tips and hints on hardening your setup. 2

  5. ➡ What’s happening in the first 200+ milliseconds in a

    initial HTTPS connection. ➡ Give tips and hints on hardening your setup. ➡ Give you insights in new and upcoming technologies. 2

  6. ➡ What’s happening in the first 200+ milliseconds in a

    initial HTTPS connection. ➡ Give tips and hints on hardening your setup. ➡ Give you insights in new and upcoming technologies. ➡ Show you things to you (probably) didn’t knew. 2

  7. HTTPS == HTTP on top of TLS 3

  8. Transport Layer Security (TLS) 4

  9. Secure Socket Layer (SSL) 5 A short and scary history

  10. then now 6

  11. then now SSL 1.0 Vaporware 1994 6

  12. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer SSL 1.0 Vaporware

    1994 6

  13. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! SSL 1.0 Vaporware 1994 6

  14. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 SSL 1.0 Vaporware 1994 6

  15. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 SSL 1.0 Vaporware 1994 6

  16. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 6

  17. https://www.trustworthyinternet.org/ssl-pulse/ 25,7% 99,6% 99,3% 18,2% 20,7% SSL 2.0 SSL 3.0

    TLS 1.0 TLS 1.1 TLS 1.2 7 November 2013

  18. https://www.trustworthyinternet.org/ssl-pulse/ 25,7% 99,6% 99,3% 18,2% 20,7% SSL 2.0 SSL 3.0

    TLS 1.0 TLS 1.1 TLS 1.2 7 November 2013 4,5% 15,6% 93,9% 83,6% 86,8% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 June 2017

  19. 8

  20. RFC 5246 (TLS v1.2) 9

  21. ➡ Authenticate and exchange information. ➡ Exchange a key (through

    a public key system). ➡ Create "tunnel" with symmetric encryption (both sides use the same exchanged key). 10

  22. 11 https://github.com/vincentbernat/rfc5077/blob/master/ssl-handshake.svg

  23. Attention: (live) wiresharking up ahead 12

  24. 13

  25. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 14

  26. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 15

  27. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    15

  28. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    Cipher for authenticating key information 15

  29. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    Cipher for authenticating key information Actual cipher (and length) used for communication 15

  30. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    Cipher for authenticating key information Hash algo for message authenticating Actual cipher (and length) used for communication 15

  31. TLS_RSA_WITH_AES_256_CBC_SHA256 16

  32. TLS_NULL_WITH_NULL_NULL 17

  33. Client gives cipher options, Server ultimately decides on cipher! 18

  34. THIS IS WHY YOU SHOULD ALWAYS CONFIGURE YOUR CIPHERS ON

    YOUR WEB SERVER! 19 Unknown fact!

  35. 20 https://cipherli.st Gives you strong cipher configuration webservers (apache,nginx etc)

    and other software.

  36. https://www.ssllabs.com/ssltest/ 21

  37. 22

  38. 23 ➡ SNI (Server Name Indication) ➡ Extension 0x0000 ➡

    Pretty much every decent browser / server / os ➡ Except: IE6, Win XP, Blackberry, Android 2.x, java 1.6.x

  39. 24

  40. What an SSL certificate is NOT: 25 ➡ SSL certificate

    (but a X.509 certificate) ➡ Automatically secure ➡ Automatically trustworthy ➡ In any way better self-signed certificates ➡ Cheap

  41. What an SSL certificate is: 26 ➡ The best way

    (but not perfect) to prove authenticity ➡ A way to bootstrap encrypted communication ➡ Misleading ➡ (Too) Expensive

  42. Certificate: Data: Version: 3 (0x2) Serial Number: 0c:00:93:10:d2:06:db:e3:37:55:35:80:11:8d:dc:87 Signature Algorithm:

    sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA Validity Not Before: Apr 8 00:00:00 2014 GMT Not After : Apr 12 12:00:00 2016 GMT Subject: ... C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d4:dc:3c:af:fd:f3:4e:ed:c1:67:ad:e6:cb: 22:e8:b7:e2:ab:28:f2:f7:dc:62:70:08:d1:0c:af: ....... 67:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:github.com, DNS:www.github.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption 6f:e7:6d:cb:82:f3:ef:90:87:09:d7:0f:15:22:2c:8c:fe:d3: ab:1c:8a:96:db:5d:12:5d:d1:78:c0:31:b0:ff:45:c8:89:f7: 08:98:52:17:1f:4c:4b:20:64:6a:6d:db:50:d7:10:be:7e:ab: ...... ee:b7:33:69 27

  43. 28 yourdomain.com

  44. 28 yourdomain.com Intermediate CA

  45. 28 yourdomain.com Intermediate CA

  46. 28 yourdomain.com Root CA Intermediate CA

  47. 28 yourdomain.com Root CA Intermediate CA

  48. 28 yourdomain.com Root CA Intermediate CA

  49. 29 IMPLIED TRU$T

  50. ➡ (Root) Certificate Authorities ➡ They are built into your

    browser / OS and you will automatically trust them. 30

  51. 31 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |

    sort | uniq | wc -l

  52. 31 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |

    sort | uniq | wc -l 181 And rising...

  53. 32

  54. 32 ➡ X.509 certificates are used to authenticate the server.

  55. 32 ➡ X.509 certificates are used to authenticate the server.

    ➡ Servers can ask clients to authenticate themselves as well.

  56. 32 ➡ X.509 certificates are used to authenticate the server.

    ➡ Servers can ask clients to authenticate themselves as well. ➡ APIs

  57. Sending over our initial secret data 33

  58. ➡ Client generates random key (pre-shared key). ➡ Client encrypts

    key with public key from server SSL certificate. ➡ Client sends encrypted key to server. ➡ Server decrypts key with private key. 34 RSA

  59. ➡ Server generates key pair ➡ Server sends public key

    to client, with signature to prove authenticity (pub key from SSL certificate) ➡ Client generates key pair ➡ Client sends public key to server ➡ Both server and client calculate "secret". 35 (Elliptic curve) Diffie-Hellman (ephemeral)

  60. 36

  61. 37 Generating secrets:

  62. 37 pre master secret Generating secrets:

  63. 37 pre master secret server rand client rand Generating secrets:

    + +

  64. 37 pre master secret server rand client rand master secret

    Generating secrets: + +

  65. 37 pre master secret server rand client rand master secret

    master secret server rand client rand Generating secrets: + + + +

  66. 37 pre master secret server rand client rand master secret

    master secret server rand client rand key buffer Generating secrets: + + + +

  67. 37 pre master secret server rand client rand master secret

    client MAC client KEY client IV server MAC server KEY server IV master secret server rand client rand key buffer Generating secrets: + + + +

  68. https://github.com/jaytaph/TLS-decoder 38 http://www.adayinthelifeof.nl/2013/12/30/decoding-tls-with-php/ Try it yourself, php style:

  69. 39

  70. 40

  71. 41

  72. 42 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE

    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415

  73. 43 launchctl setenv SSLKEYLOGFILE /tmp/keylog.secret on a mac:

  74. -ETOOMUCHINFO 44

  75. ➡ TLS has overhead in computation and transfers. But definitely

    worth it. ➡ Google likes it. ➡ Some cipher suites are better, but slower. ➡ Speed / Security compromise ➡ (try: “openssl speed”) 45

  76. https://tools.ietf.org/html/rfc7457 46 Summarizing Known Attacks on Transport Layer Security (TLS)

    and Datagram TLS (DTLS)

  77. TLS 1.3 47

  78. 48 ➡ Still in draft ➡ 1-RTT (initial 0-RTT) for

    handshakes ➡ Dropped insecure features

  79. 49 https://www.ssllabs.com/projects/best-practices/index.html

  80. http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 50

  81. 51 Find me on twitter: @jaytaph Find me for development

    and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl