Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSL Debugging at Chicago Coder Conference 2016

SSL Debugging at Chicago Coder Conference 2016

John Downey

June 06, 2016
Tweet

More Decks by John Downey

Other Decks in Programming

Transcript

  1. The views expressed in this presentation are my own, and

    not those of PayPal or any of its affiliates. @jtdowney 4
  2. Terminology 4 SSL - Secure Sockets Layer 4 TLS -

    Transport Layer Security @jtdowney 5
  3. History 4 1995 - Netscape releases SSL 2.0 4 1996

    - Netscape releases SSL 3.0 4 1999 - IETF releases TLS 1.0 (RFC 2246) 4 2006 - IETF releases TLS 1.1 (RFC 4346) 4 2008 - IETF releases TLS 1.2 (RFC 5246) 4 TLS 1.3 in draft (github.com/tlswg/tls13-spec) @jtdowney 7
  4. Broad types of cryptography 4 Symmetric cryptography - both sides

    share the same key 4 Asymmetric (public key) cryptography - each side has a different key @jtdowney 9
  5. Public Key Cryptography 4 Solves the key distribution problem 4

    Algorithms typically based on hard math problems 4 Fills two roles 4 Digital signatures 4 Key exchange @jtdowney 10
  6. Digital Signatures 4 Allows a public verification key to be

    published 4 A signer keeps the private signing key 4 Messages from the signer can be verified 4 Also protects integrity @jtdowney 11
  7. Key Exchange 4 Asymmetric crypto is far slower than symmetric

    cryptography 4 Uses asymmetric to setup a shared key, so both sides can switch to symmetric @jtdowney 12
  8. Algorithms 4 Digital Signatures - RSA, DSA, ECDSA 4 Key

    Exchange - RSA, DH, ECDH @jtdowney 13
  9. RSA Security 4 Company founded by Ron Rivest, Adi Shamir,

    Leonard Adleman 4 Built to develop crypto based products and standards 4 Held patent on RSA Algorithm until September 2000 @jtdowney 14
  10. Public Key Cryptography Standards 4 Developed by RSA Security to

    standardize usage of RSA 4 Relied on ASN.1 as basic file format @jtdowney 15
  11. ASN.1 4 Abstract syntax notation, one 4 Describes a tree

    structure 4 Typically use Distinguished Encoding Rules (DER) 4 Binary format 4 Canonical representation @jtdowney 16
  12. PEM Files 4 Privacy Enhanced Mail (PEM) 4 Never really

    used 4 Base64 encoded DER data 4 Have headers that describe the contents 4 -----BEGIN CERTIFICATE----- 4 The "preferred" format for OpenSSL @jtdowney 17
  13. File extensions 4 Never well established 4 The extension may

    describe the format but not the contents (.pem, .der) 4 Or it may describe the contents but not the format (.cer, .crt, .key) @jtdowney 18
  14. OpenSSL 4 Fork of SSLeay 4 Created by Eric A.

    Young 4 Forked when he went to work for RSA Security 4 By far the most popular open source TLS/SSL library @jtdowney 19
  15. Generate an RSA Key $ openssl genrsa -out demo.pem Generating

    RSA private key, 2048 bit long modulus ...............................+++ .....................+++ e is 65537 (0x10001) @jtdowney 21
  16. PKCS #1 4 Original standard for RSA 4 Describes storage

    of RSA key in a file 4 Still preferred format by OpenSSL (but not Java) @jtdowney 22
  17. View RSA PEM file (PKCS #1) $ head demo.pem -----BEGIN

    RSA PRIVATE KEY----- MIIEowIBAAKCAQEAw2OAGP1sa0rm4BM9lmBdnB9hHhJz6LajSGB1eg6S+D0UXeop 1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa9zjFK8c3szynI/nCYkzpMlp8OcKM lz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2nioiFNOaZ10lPRljmc9Wg/WvtyowMK YUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQl76rxuljYODVf3g5tV6VVL9IxDtJ HJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/utzHwGdBfyptHQDecwyG3jRy4Ztp pXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7twIDAQABAoIBAEhZ8/lM/nTMi6m1 9jxU+tTxGblVA+7MkrIeZeIIu4uIsp4EM/EqK7xj0E6JnVNADkSe9rMhrgrVsPRs YqKU/XFGaFzJrGqGry23Mq/L4x5uO0n4LK9kUJG34jjN8hBoq+IaStTWRTbtKeTL ryYuw2leA4axiTeVKisCsoh9TdiWVg7Svt31B9oEcYD26EgVV7rkJwmNNdBss5Ds @jtdowney 23
  18. View RSA Key Details $ openssl rsa -text -in demo.pem

    | head writing RSA key Private-Key: (2048 bit) modulus: 00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60: 5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e: 92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27: 5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29: 41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9: c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15: 03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59: 6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53: @jtdowney 24
  19. View RSA parse details (PKCS #1) $ openssl asn1parse -in

    demo.pem 0:d=0 hl=4 l=1187 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=4 l= 257 prim: INTEGER :C3638018FD6C6B4AE... 268:d=1 hl=2 l= 3 prim: INTEGER :010001 273:d=1 hl=4 l= 256 prim: INTEGER :4859F3F94CFE74CC8... 533:d=1 hl=3 l= 129 prim: INTEGER :EA7858DA0442FCACA... 665:d=1 hl=3 l= 129 prim: INTEGER :D55478D835A975238... 797:d=1 hl=3 l= 128 prim: INTEGER :3F9086CDFC0FC8FE6... 928:d=1 hl=3 l= 129 prim: INTEGER :B15D41FBC0E1DB1A6... 1060:d=1 hl=3 l= 128 prim: INTEGER :41DAB94D9A546263F... @jtdowney 25
  20. Convert PKCS #1 key to PKCS #8 $ openssl pkcs8

    -topk8 -nocrypt -in demo.pem -out demo.pk8 @jtdowney 27
  21. View RSA PEM file (PKCS #8) $ head demo.pk8 -----BEGIN

    PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDY4AY/WxrSubg Ez2WYF2cH2EeEnPotqNIYHV6DpL4PRRd6inUhMx20VbSJ13vr1aXnxHe7DkC82xs KUHbM5r3OMUrxzezPKcj+cJiTOkyWnw5woyXPTmpFQNBnaFhX7PTABggavHrWWu+ 6LUfaeKiIU05pnXSU9GWOZz1aD9a+3KjAwphSnmmzUds5hKc1qN+L5QGXRihP+re dHjXQJCXvqvG6WNg4NV/eDm1XpVUv0jEO0kckgnF5T5GJZk652TNZU0OkmZ9Kcd8 n+846j+63MfAZ0F/Km0dAN5zDIbeNHLhm2mlcBupVNmOU1ppqWxi54HFYz2ZuO2D LzQNKDu3AgMBAAECggEASFnz+Uz+dMyLqbX2PFT61PEZuVUD7sySsh5l4gi7i4iy ngQz8SorvGPQTomdU0AORJ72syGuCtWw9GxiopT9cUZoXMmsaoavLbcyr8vjHm47 Sfgsr2RQkbfiOM3yEGir4hpK1NZFNu0p5MuvJi7DaV4DhrGJN5UqKwKyiH1N2JZW @jtdowney 28
  22. View RSA parse details (PKCS #8) openssl asn1parse -in demo.pk8

    0:d=0 hl=4 l=1213 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=2 l= 13 cons: SEQUENCE 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 20:d=2 hl=2 l= 0 prim: NULL 22:d=1 hl=4 l=1191 prim: OCTET STRING [HEX DUMP]:308204A... @jtdowney 29
  23. Get public key from private key $ openssl rsa -pubout

    -in demo.pem -out demo_pub.pem $ cat demo_pub.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa 9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/ utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7 twIDAQAB -----END PUBLIC KEY----- @jtdowney 30
  24. Convert PEM encoded key to DER encoded $ openssl rsa

    -inform PEM -outform DER -in demo.pem -out demo.der writing RSA key $ xxd demo.der | head 00000000: 3082 04a3 0201 0002 8201 0100 c363 8018 0............c.. 00000010: fd6c 6b4a e6e0 133d 9660 5d9c 1f61 1e12 .lkJ...=.`]..a.. 00000020: 73e8 b6a3 4860 757a 0e92 f83d 145d ea29 s...H`uz...=.].) 00000030: d484 cc76 d156 d227 5def af56 979f 11de ...v.V.']..V.... 00000040: ec39 02f3 6c6c 2941 db33 9af7 38c5 2bc7 .9..ll)A.3..8.+. 00000050: 37b3 3ca7 23f9 c262 4ce9 325a 7c39 c28c 7.<.#..bL.2Z|9.. 00000060: 973d 39a9 1503 419d a161 5fb3 d300 1820 .=9...A..a_.... 00000070: 6af1 eb59 6bbe e8b5 1f69 e2a2 214d 39a6 j..Yk....i..!M9. 00000080: 75d2 53d1 9639 9cf5 683f 5afb 72a3 030a u.S..9..h?Z.r... 00000090: 614a 79a6 cd47 6ce6 129c d6a3 7e2f 9406 aJy..Gl.....~/.. @jtdowney 31
  25. $ head braintree.pem -----BEGIN CERTIFICATE----- MIIHFzCCBf+gAwIBAgIQdlPhj8bBtjhpkzOjtu2ZGzANBgkqhkiG9w0BAQsFADB3 MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMzE3MDAwMDAwWhcNMTcwMzE2 MjM1OTU5WjCCAR0xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB

    AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD VQQFEwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTUxMzEtMjAyMTET MBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIU2FuIEpvc2UxFjAUBgNVBAkM DTIyMTEgTiAxc3QgU3QxFTATBgNVBAoMDFBheVBhbCwgSW5jLjEdMBsGA1UECwwU @jtdowney 33
  26. X.509 Certificate 4 Format for digital certificates 4 Uses ASN.1

    for the basic file format 4 Wraps public key 4 Specifies subject of certificate and issuer 4 Contents are digitally signed by issuer 4 Lists lifetime of validity @jtdowney 34
  27. View certificate information $ openssl x509 -text -in braintree.pem |

    head -n 20 Certificate: Data: Version: 3 (0x2) Serial Number: 76:53:e1:8f:c6:c1:b6:38:69:93:33:a3:b6:ed:99:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust N... Validity Not Before: Mar 17 00:00:00 2015 GMT Not After : Mar 16 23:59:59 2017 GMT Subject: jurisdictionC=US/jurisdictionST=Delaware/busines... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d4:8e:55:07:7c:a2:89:f5:4f:a0:d2:80:82:63: d6:09:a1:86:19:e3:68:52:f5:49:66:d9:d7:e9:61: 33:77:3c:04:8b:cc:43:99:b5:e3:b9:a1:23:40:a9: 26:32:8c:fe:60:31:eb:5d:da:2d:42:3e:4a:0b:a9: e7:d3:17:19:bf:8a:7b:3e:37:2a:f2:dd:3e:4c:62: @jtdowney 35
  28. X.509 Extensions $ openssl x509 -text -in braintree.pem ... X509v3

    extensions: X509v3 Subject Alternative Name: DNS:www.braintreepayments.com X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication ... @jtdowney 36
  29. Extract public key from certificate $ openssl x509 -pubkey -noout

    -in braintree.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I5VB3yiifVPoNKAgmPW CaGGGeNoUvVJZtnX6WEzdzwEi8xDmbXjuaEjQKkmMoz+YDHrXdotQj5KC6nn0xcZ v4p7Pjcq8t0+TGKSp+dJr1Fk0Tx9i7Fk+Lq2yEfQYGymyuzmDk4pzwbMkzMjuqkw lWMxErPshjynBK5g4TEc8pTCYtX39mVMPhXdcj3V6auk3ubbgpbz5DCyh0JiwnNK 84sA8ydCFs4csF9g3hJYws/J6KL9jxDfLkf5jWQLA6inxyX1zRKRwrlOyTCFIs6X KGBr5Cjei6NI/9NYCLClxcfKJ6qDpCOf6PZj3JTk9fzF3KMrPWoc7SRE1MwfYX63 cwIDAQAB -----END PUBLIC KEY----- @jtdowney 37
  30. View certificate parse details $ openssl asn1parse -in braintree.pem |

    head -n 20 0:d=0 hl=4 l=1815 cons: SEQUENCE 4:d=1 hl=4 l=1535 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 16 prim: INTEGER :7653E18FC6C1B638699333A3B6ED991B 31:d=2 hl=2 l= 13 cons: SEQUENCE 33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 44:d=3 hl=2 l= 0 prim: NULL 46:d=2 hl=2 l= 119 cons: SEQUENCE 48:d=3 hl=2 l= 11 cons: SET 50:d=4 hl=2 l= 9 cons: SEQUENCE 52:d=5 hl=2 l= 3 prim: OBJECT :countryName 57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 61:d=3 hl=2 l= 29 cons: SET 63:d=4 hl=2 l= 27 cons: SEQUENCE 65:d=5 hl=2 l= 3 prim: OBJECT :organizationName 70:d=5 hl=2 l= 20 prim: PRINTABLESTRING :Symantec Corporation 92:d=3 hl=2 l= 31 cons: SET 94:d=4 hl=2 l= 29 cons: SEQUENCE 96:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName @jtdowney 38
  31. X.509 Certificate Request 4 Sent to certificate authority 4 Contains

    public key for certificate 4 Requestor signs contents @jtdowney 39
  32. Generate a certificate request $ openssl req -new -key demo.pem

    -out demo.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Illinois Locality Name (eg, city) []:Chicago Organization Name (eg, company) [Internet Widgits Pty Ltd]:PayPal Organizational Unit Name (eg, section) []:Braintree Common Name (e.g. server FQDN or YOUR name) []:demo.braintreepayments.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: @jtdowney 40
  33. View certificate request $ openssl req -text -in demo.csr |

    head -n 20 Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=Illinois, L=Chicago, O=PayPal, OU=Braintree, CN=demo.braintreepayments.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60: 5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e: 92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27: 5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29: 41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9: c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15: 03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59: 6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53: d1:96:39:9c:f5:68:3f:5a:fb:72:a3:03:0a:61:4a: 79:a6:cd:47:6c:e6:12:9c:d6:a3:7e:2f:94:06:5d: 18:a1:3f:ea:de:74:78:d7:40:90:97:be:ab:c6:e9: 63:60:e0:d5:7f:78:39:b5:5e:95:54:bf:48:c4:3b: @jtdowney 41
  34. Extract public key from certificate request $ openssl req -pubkey

    -in demo.csr -noout -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa 9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/ utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7 twIDAQAB -----END PUBLIC KEY----- @jtdowney 42
  35. PKCS #12 4 Format for combing keys and certificates 4

    Preferred format for Windows 4 Can optionally be encrypted with password 4 Extensions .p12 and .pfx @jtdowney 43
  36. curl $ curl -vI https://www.braintreepayments.com * Rebuilt URL to: https://www.braintreepayments.com/

    * Trying 54.215.8.63... * Connected to www.braintreepayments.com (54.215.8.63) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * Server certificate: www.braintreepayments.com * Server certificate: Symantec Class 3 EV SSL CA - G3 * Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5 > HEAD / HTTP/1.1 > Host: www.braintreepayments.com > User-Agent: curl/7.43.0 > Accept: */* @jtdowney 45
  37. openssl s_client $ openssl s_client -connect www.braintreepayments.com:443 CONNECTED(00000003) depth=3 C

    = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary... verify return:1 depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network... verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Net... verify return:1 depth=0 jurisdictionC = US, jurisdictionST = Delaware, businessCa... OU = Braintree Production, CN = www.braintreepayments.com verify return:1 --- Certificate chain 0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=P... intreepayments.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy... 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006... 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006... i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certificati... ... @jtdowney 46
  38. openssl s_client $ openssl s_client -connect www.braintreepayments.com:443 ... SSL handshake

    has read 5063 bytes and written 444 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 387E121C8195A337BC24EDAB3962627E01E974841E039D4D3... Session-ID-ctx: Master-Key: B158E366C9D89BC74C7CD183CDF4AC0498899D9ED2D6A00CA... Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None ...snip... Start Time: 1446134858 Timeout : 300 (sec) Verify return code: 0 (ok) --- @jtdowney 47
  39. OpenSSL 4 Does not ship with any root certificates 4

    Operating systems and browsers do 4 On Linux these are generally gathered from the Mozilla list 4 On OS X 4 Contains special patches which cause it to fall back to the OS X root certificates 4 The version is super old @jtdowney 48
  40. sslyze $ brew install sslyze $ sslyze --regular www.braintreepayments.com:443 ...

    SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443 - 54.215.8.63:443 ------------------------------------------------------------------- ...snip... * Certificate - Content: SHA1 Fingerprint: 8ab0dc85c10af4c0e396e7586c85a3b74a39aa91 Common Name: www.braintreepayments.com Issuer: Symantec Class 3 EV SSL CA - G3 Serial Number: 7653E18FC6C1B638699333A3B6ED991B Not Before: Mar 17 00:00:00 2015 GMT Not After: Mar 16 23:59:59 2017 GMT Signature Algorithm: sha256WithRSAEncryption Public Key Algorithm: rsaEncryption Key Size: 2048 bit Exponent: 65537 (0x10001) X509v3 Subject Alternative Name: {'DNS': ['www.braintreepayments.com']} ... @jtdowney 49
  41. sslyze $ sslyze --regular www.braintreepayments.com:443 ... SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443

    - 54.215.8.63:443 ------------------------------------------------------------------- ...snip... * Certificate - Trust: Hostname Validation: OK - Subject Alternative Name matches Google CA Store (09/2015): OK - Certificate is trusted Java 6 CA Store (Update 65): OK - Certificate is trusted Microsoft CA Store (09/2015): OK - Certificate is trusted Apple CA Store (OS X 10.10.5): OK - Certificate is trusted Mozilla NSS CA Store (09/2015): OK - Certificate is trusted Certificate Chain Received: ['www.braintreepayments.com', 'Symantec Cl... ... @jtdowney 50
  42. Client Hello 4 Protocol the client wants (i.e. TLS 1.2)

    4 Ciphers the client supports 4 Extensions (introduced after TLS 1.0 but in a compatible way) 4 Server Name Indication (SNI) @jtdowney 55
  43. Server Name Indication 4 Allows a client to tell a

    server which vhost they want 4 Without it, every hostname needs its own IP 4 Can be expensive for hosting 4 Host information is sent after TLS handshake (HTTP Host Header) 4 SNI support is still not 100% @jtdowney 56
  44. Server Hello 4 Server picks protocol and cipher suite 4

    Provides some session re-negotiation values @jtdowney 57
  45. Client Certificate [optional] 4 Server asks for client to provide

    a certificate 4 Indicates what parameters would be allowed 4 Clients sends its own certificate and any intermediate @jtdowney 60
  46. Change Cipher Spec 4 Indicates the end of the handshake

    4 Following the Finished message, data will be encrypted @jtdowney 61
  47. Pitfalls 1. Not verifying the certificate chain 2. Not verifying

    the hostname 3. Using a broken library @jtdowney 65
  48. Pitfalls 1. Not verifying the certificate chain 2. Not verifying

    the hostname 3. Using a broken library @jtdowney 68
  49. 4 Hostname verification is protocol dependent 4 OpenSSL doesn't have

    it built in 4 Also, some people just turn it off: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); @jtdowney 69
  50. Pitfalls 1. Not verifying the certificate chain 2. Not verifying

    the hostname 3. Using a broken library @jtdowney 70
  51. Recommendations 4 Do ensure you're validating connections 4 Lean on

    a framework/library if possible 4 But check that it also does the right thing 4 Setup and automated test to validate this setting @jtdowney 73
  52. MAC then Encrypt 4 Attacks 4 BEAST 4 POODLE 4

    Lucky13 4 Workaround is to use AEAD ciphersuites 4 GCM 4 Chacha20Poly1305 @jtdowney 75
  53. Long tail of support 4 Many servers still support SSLv3

    4 Some servers support SSLv2 4 Attacks 4 DROWN: Breaking TLS using SSLv2 @jtdowney 77