TLS, SSL, OMG, BBQ What is TLS and how does this stuff work? 1

Terminology 4 SSL - Secure Sockets Layer 4 TLS - Transport Layer Security 2

History and Background 3

History 4 1995 - Netscape releases SSL 2.0 4 1996 - Netscape releases SSL 3.0 4 1999 - IETF releases TLS 1.0 (RFC 2246) 4 2006 - IETF releases TLS 1.1 (RFC 4346) 4 2008 - IETF releases TLS 1.2 (RFC 5246) 4 TLS 1.3 in draft (github.com/tlswg/tls13-spec) 4

Problem 1. Confidentiality 2. Integrity 3. Identification 5

Broad types of cryptography 4 Symmetric cryptography - both sides share the same key 4 Asymmetric (public key) cryptography - each side has a different key 6

Public Key Cryptography 4 Solves the key distribution problem 4 Algorithms typically based on hard math problems 4 Fills two roles 4 Digital signatures 4 Key exchange 7

Digital Signatures 4 Allows a public verification key to be published 4 A signer keeps the private signing key 4 Messages from the signer can be verified 4 Also protects integrity 8

Key Exchange 4 Asymmetric crypto is far slower than symmetric cryptography 4 Uses asymmetric to setup a shared key, so both sides can switch to symmetric 9

Algorithms 4 Digital Signatures - RSA, DSA, ECDSA 4 Key Exchange - RSA, DH, ECDH 10

RSA Security 4 Company founded by Ron Rivest, Adi Shamir, Leonard Adleman 4 Built to develop crypto based products and standards 4 Held patent on RSA Algorithm until September 2000 11

Public Key Cryptography Standards 4 Developed by RSA Security to standardize usage of RSA 4 Relied on ASN.1 as basic file format 12

ASN.1 4 Abstract syntax notation, one 4 Describes a tree structure 4 Typically use Distinguished Encoding Rules (DER) 4 Binary format 4 Canonical representation 13

PEM Files 4 Privacy Enhanced Mail (PEM) 4 Never really used 4 Base64 encoded DER data 4 Have headers that describe the contents 4 -----BEGIN CERTIFICATE----- 4 The "preferred" format for OpenSSL 14

File extensions 4 Never well established 4 The extension may describe the format but not the contents (.pem, .der) 4 Or it may describe the contents but not the format (.cer, .crt, .key) 15

OpenSSL 4 Fork of SSLeay 4 Created by Eric A. Young 4 Forked when he went to work for RSA Security 4 By far the most popular open source TLS/SSL library 16

Working with Key Files 17

Generate an RSA Key $ openssl genrsa -out demo.pem Generating RSA private key, 2048 bit long modulus ...............................+++ .....................+++ e is 65537 (0x10001) 18

PKCS #1 4 Original standard for RSA 4 Describes storage of RSA key in a file 4 Still preferred format by OpenSSL (but not Java) 19

View RSA PEM file (PKCS #1) $ head demo.pem -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAw2OAGP1sa0rm4BM9lmBdnB9hHhJz6LajSGB1eg6S+D0UXeop 1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa9zjFK8c3szynI/nCYkzpMlp8OcKM lz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2nioiFNOaZ10lPRljmc9Wg/WvtyowMK YUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQl76rxuljYODVf3g5tV6VVL9IxDtJ HJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/utzHwGdBfyptHQDecwyG3jRy4Ztp pXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7twIDAQABAoIBAEhZ8/lM/nTMi6m1 9jxU+tTxGblVA+7MkrIeZeIIu4uIsp4EM/EqK7xj0E6JnVNADkSe9rMhrgrVsPRs YqKU/XFGaFzJrGqGry23Mq/L4x5uO0n4LK9kUJG34jjN8hBoq+IaStTWRTbtKeTL ryYuw2leA4axiTeVKisCsoh9TdiWVg7Svt31B9oEcYD26EgVV7rkJwmNNdBss5Ds 20

View RSA Key Details $ openssl rsa -text -in demo.pem | head writing RSA key Private-Key: (2048 bit) modulus: 00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60: 5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e: 92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27: 5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29: 41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9: c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15: 03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59: 6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53: 21

View RSA parse details (PKCS #1) $ openssl asn1parse -in demo.pem 0:d=0 hl=4 l=1187 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=4 l= 257 prim: INTEGER :C3638018FD6C6B4AE... 268:d=1 hl=2 l= 3 prim: INTEGER :010001 273:d=1 hl=4 l= 256 prim: INTEGER :4859F3F94CFE74CC8... 533:d=1 hl=3 l= 129 prim: INTEGER :EA7858DA0442FCACA... 665:d=1 hl=3 l= 129 prim: INTEGER :D55478D835A975238... 797:d=1 hl=3 l= 128 prim: INTEGER :3F9086CDFC0FC8FE6... 928:d=1 hl=3 l= 129 prim: INTEGER :B15D41FBC0E1DB1A6... 1060:d=1 hl=3 l= 128 prim: INTEGER :41DAB94D9A546263F... 22

PKCS #8 4 Expands key storage beyond RSA 4 Preferred format for Java 23

Convert PKCS #1 key to PKCS #8 $ openssl pkcs8 -topk8 -nocrypt -in demo.pem -out demo.pk8 24

View RSA PEM file (PKCS #8) $ head demo.pk8 -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDY4AY/WxrSubg Ez2WYF2cH2EeEnPotqNIYHV6DpL4PRRd6inUhMx20VbSJ13vr1aXnxHe7DkC82xs KUHbM5r3OMUrxzezPKcj+cJiTOkyWnw5woyXPTmpFQNBnaFhX7PTABggavHrWWu+ 6LUfaeKiIU05pnXSU9GWOZz1aD9a+3KjAwphSnmmzUds5hKc1qN+L5QGXRihP+re dHjXQJCXvqvG6WNg4NV/eDm1XpVUv0jEO0kckgnF5T5GJZk652TNZU0OkmZ9Kcd8 n+846j+63MfAZ0F/Km0dAN5zDIbeNHLhm2mlcBupVNmOU1ppqWxi54HFYz2ZuO2D LzQNKDu3AgMBAAECggEASFnz+Uz+dMyLqbX2PFT61PEZuVUD7sySsh5l4gi7i4iy ngQz8SorvGPQTomdU0AORJ72syGuCtWw9GxiopT9cUZoXMmsaoavLbcyr8vjHm47 Sfgsr2RQkbfiOM3yEGir4hpK1NZFNu0p5MuvJi7DaV4DhrGJN5UqKwKyiH1N2JZW 25

View RSA parse details (PKCS #8) openssl asn1parse -in demo.pk8 0:d=0 hl=4 l=1213 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=2 l= 13 cons: SEQUENCE 9:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 20:d=2 hl=2 l= 0 prim: NULL 22:d=1 hl=4 l=1191 prim: OCTET STRING [HEX DUMP]:308204A... 26

Get public key from private key $ openssl rsa -pubout -in demo.pem -out demo_pub.pem $ cat demo_pub.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa 9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/ utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7 twIDAQAB -----END PUBLIC KEY----- 27

Convert PEM encoded key to DER encoded $ openssl rsa -inform PEM -outform DER -in demo.pem -out demo.der writing RSA key $ xxd demo.der | head 00000000: 3082 04a3 0201 0002 8201 0100 c363 8018 0............c.. 00000010: fd6c 6b4a e6e0 133d 9660 5d9c 1f61 1e12 .lkJ...=.`]..a.. 00000020: 73e8 b6a3 4860 757a 0e92 f83d 145d ea29 s...H`uz...=.].) 00000030: d484 cc76 d156 d227 5def af56 979f 11de ...v.V.']..V.... 00000040: ec39 02f3 6c6c 2941 db33 9af7 38c5 2bc7 .9..ll)A.3..8.+. 00000050: 37b3 3ca7 23f9 c262 4ce9 325a 7c39 c28c 7.<.#..bL.2Z|9.. 00000060: 973d 39a9 1503 419d a161 5fb3 d300 1820 .=9...A..a_.... 00000070: 6af1 eb59 6bbe e8b5 1f69 e2a2 214d 39a6 j..Yk....i..!M9. 00000080: 75d2 53d1 9639 9cf5 683f 5afb 72a3 030a u.S..9..h?Z.r... 00000090: 614a 79a6 cd47 6ce6 129c d6a3 7e2f 9406 aJy..Gl.....~/.. 28

Working with Certificates 29

$ head braintree.pem -----BEGIN CERTIFICATE----- MIIHFzCCBf+gAwIBAgIQdlPhj8bBtjhpkzOjtu2ZGzANBgkqhkiG9w0BAQsFADB3 MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMzE3MDAwMDAwWhcNMTcwMzE2 MjM1OTU5WjCCAR0xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD VQQFEwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTUxMzEtMjAyMTET MBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIU2FuIEpvc2UxFjAUBgNVBAkM DTIyMTEgTiAxc3QgU3QxFTATBgNVBAoMDFBheVBhbCwgSW5jLjEdMBsGA1UECwwU 30

X.509 Certificate 4 Format for digital certificates 4 Uses ASN.1 for the basic file format 4 Wraps public key 4 Specifies subject of certificate and issuer 4 Contents are digitally signed by issuer 4 Lists lifetime of validity 31

View certificate information $ openssl x509 -text -in braintree.pem | head -n 20 Certificate: Data: Version: 3 (0x2) Serial Number: 76:53:e1:8f:c6:c1:b6:38:69:93:33:a3:b6:ed:99:1b Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust N... Validity Not Before: Mar 17 00:00:00 2015 GMT Not After : Mar 16 23:59:59 2017 GMT Subject: jurisdictionC=US/jurisdictionST=Delaware/busines... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d4:8e:55:07:7c:a2:89:f5:4f:a0:d2:80:82:63: d6:09:a1:86:19:e3:68:52:f5:49:66:d9:d7:e9:61: 33:77:3c:04:8b:cc:43:99:b5:e3:b9:a1:23:40:a9: 26:32:8c:fe:60:31:eb:5d:da:2d:42:3e:4a:0b:a9: e7:d3:17:19:bf:8a:7b:3e:37:2a:f2:dd:3e:4c:62: 32

X.509 Extensions $ openssl x509 -text -in braintree.pem ... X509v3 extensions: X509v3 Subject Alternative Name: DNS:www.braintreepayments.com X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication ... 33

Extract public key from certificate $ openssl x509 -pubkey -noout -in braintree.pem -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I5VB3yiifVPoNKAgmPW CaGGGeNoUvVJZtnX6WEzdzwEi8xDmbXjuaEjQKkmMoz+YDHrXdotQj5KC6nn0xcZ v4p7Pjcq8t0+TGKSp+dJr1Fk0Tx9i7Fk+Lq2yEfQYGymyuzmDk4pzwbMkzMjuqkw lWMxErPshjynBK5g4TEc8pTCYtX39mVMPhXdcj3V6auk3ubbgpbz5DCyh0JiwnNK 84sA8ydCFs4csF9g3hJYws/J6KL9jxDfLkf5jWQLA6inxyX1zRKRwrlOyTCFIs6X KGBr5Cjei6NI/9NYCLClxcfKJ6qDpCOf6PZj3JTk9fzF3KMrPWoc7SRE1MwfYX63 cwIDAQAB -----END PUBLIC KEY----- 34

View certificate parse details $ openssl asn1parse -in braintree.pem | head -n 20 0:d=0 hl=4 l=1815 cons: SEQUENCE 4:d=1 hl=4 l=1535 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 16 prim: INTEGER :7653E18FC6C1B638699333A3B6ED991B 31:d=2 hl=2 l= 13 cons: SEQUENCE 33:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 44:d=3 hl=2 l= 0 prim: NULL 46:d=2 hl=2 l= 119 cons: SEQUENCE 48:d=3 hl=2 l= 11 cons: SET 50:d=4 hl=2 l= 9 cons: SEQUENCE 52:d=5 hl=2 l= 3 prim: OBJECT :countryName 57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US 61:d=3 hl=2 l= 29 cons: SET 63:d=4 hl=2 l= 27 cons: SEQUENCE 65:d=5 hl=2 l= 3 prim: OBJECT :organizationName 70:d=5 hl=2 l= 20 prim: PRINTABLESTRING :Symantec Corporation 92:d=3 hl=2 l= 31 cons: SET 94:d=4 hl=2 l= 29 cons: SEQUENCE 96:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 35

X.509 Certificate Request 4 Sent to certificate authority 4 Contains public key for certificate 4 Requestor signs contents 36

Generate a certificate request $ openssl req -new -key demo.pem -out demo.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Illinois Locality Name (eg, city) []:Chicago Organization Name (eg, company) [Internet Widgits Pty Ltd]:PayPal Organizational Unit Name (eg, section) []:Braintree Common Name (e.g. server FQDN or YOUR name) []:demo.braintreepayments.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: 37

View certificate request $ openssl req -text -in demo.csr | head -n 20 Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=Illinois, L=Chicago, O=PayPal, OU=Braintree, CN=demo.braintreepayments.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60: 5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e: 92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27: 5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29: 41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9: c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15: 03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59: 6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53: d1:96:39:9c:f5:68:3f:5a:fb:72:a3:03:0a:61:4a: 79:a6:cd:47:6c:e6:12:9c:d6:a3:7e:2f:94:06:5d: 18:a1:3f:ea:de:74:78:d7:40:90:97:be:ab:c6:e9: 63:60:e0:d5:7f:78:39:b5:5e:95:54:bf:48:c4:3b: 38

Extract public key from certificate request $ openssl req -pubkey -in demo.csr -noout -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa 9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/ utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7 twIDAQAB -----END PUBLIC KEY----- 39

Debugging Connections 40

curl $ curl -vI https://www.braintreepayments.com * Rebuilt URL to: https://www.braintreepayments.com/ * Trying 204.109.13.115... * Connected to www.braintreepayments.com (204.109.13.115) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * Server certificate: www.braintreepayments.com * Server certificate: Symantec Class 3 EV SSL CA - G3 * Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5 > HEAD / HTTP/1.1 > Host: www.braintreepayments.com > User-Agent: curl/7.43.0 > Accept: */* 41

openssl s_client $ openssl s_client -connect www.braintreepayments.com:443 CONNECTED(00000003) depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary... verify return:1 depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network... verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Net... verify return:1 depth=0 jurisdictionC = US, jurisdictionST = Delaware, businessCa... OU = Braintree Production, CN = www.braintreepayments.com verify return:1 --- Certificate chain 0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=P... intreepayments.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy... 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy... i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006... 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006... i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certificati... ... 42

openssl s_client $ openssl s_client -connect www.braintreepayments.com:443 ... SSL handshake has read 5063 bytes and written 444 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 387E121C8195A337BC24EDAB3962627E01E974841E039D4D3... Session-ID-ctx: Master-Key: B158E366C9D89BC74C7CD183CDF4AC0498899D9ED2D6A00CA... Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None ...snip... Start Time: 1446134858 Timeout : 300 (sec) Verify return code: 0 (ok) --- 43

sslyze $ brew install sslyze $ sslyze --regular www.braintreepayments.com:443 ... SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443 - 204.109.13.115:443 ------------------------------------------------------------------- ...snip... * Certificate - Content: SHA1 Fingerprint: 8ab0dc85c10af4c0e396e7586c85a3b74a39aa91 Common Name: www.braintreepayments.com Issuer: Symantec Class 3 EV SSL CA - G3 Serial Number: 7653E18FC6C1B638699333A3B6ED991B Not Before: Mar 17 00:00:00 2015 GMT Not After: Mar 16 23:59:59 2017 GMT Signature Algorithm: sha256WithRSAEncryption Public Key Algorithm: rsaEncryption Key Size: 2048 bit Exponent: 65537 (0x10001) X509v3 Subject Alternative Name: {'DNS': ['www.braintreepayments.com']} ... 44

sslyze $ sslyze --regular www.braintreepayments.com:443 ... SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443 - 204.109.13.115:443 ------------------------------------------------------------------- ...snip... * Certificate - Trust: Hostname Validation: OK - Subject Alternative Name matches Google CA Store (09/2015): OK - Certificate is trusted Java 6 CA Store (Update 65): OK - Certificate is trusted Microsoft CA Store (09/2015): OK - Certificate is trusted Apple CA Store (OS X 10.10.5): OK - Certificate is trusted Mozilla NSS CA Store (09/2015): OK - Certificate is trusted Certificate Chain Received: ['www.braintreepayments.com', 'Symantec Cl... ... 45

Random Notes 4 OpenSSL does not ship with any root certificates 4 Operating systems and browsers do 4 On Linux these are generally gathered from the Mozilla list 4 OpenSSL on OS X 4 Contains special patches which cause it to fall back to the OS X keystore 4 The version is super old 46

SSL Labs https://www.ssllabs.com 47

How TLS Works 48

49

Client Hello 4 Protocol the client wants (i.e. TLS 1.2) 4 Ciphers the client supports 4 Extensions (introduced after TLS 1.0 but in a compatible way) 4 Server Name Indication (SNI) 50

Server Name Indication 4 Allows a client to tell a server which vhost they want 4 Without it, every hostname needs its own IP 4 Can be expensive for hosting 4 Host information is sent after TLS handshake (HTTP Host Header) 4 SNI support is still not 100% 51

Server Hello 4 Server picks protocol and cipher suite 4 Provides some session re-negotiation values 52

Server Certificate 4 Server provides its certificate and any intermediate nessecary 53

54

Client Certificate [optional] 4 Server asks for client to provide a certificate 4 Indicates what parameters would be allowed 4 Clients sends its own certificate and any intermediate 55

Change Cipher Spec 4 Indicates the end of the handshake 4 Following the Finished message, data will be encrypted 56

TLS Verification 57

58

Pitfalls 1. Not verifying the certificate chain 2. Not verifying the hostname 3. Using a broken library 59

60

$ curl -k https://example.com or curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 61

Pitfalls 1. Not verifying the certificate chain 2. Not verifying the hostname 3. Using a broken library 62

4 Hostname verification is protocol dependent 4 OpenSSL doesn't have it built in 4 Also, some people just turn it off: curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 63

Pitfalls 1. Not verifying the certificate chain 2. Not verifying the hostname 3. Using a broken library 64

65

66

Recommendations 4 Do ensure you're validating connections 4 Lean on a framework/library if possible 4 But check that it also does the right thing 4 Setup and automated test to validate this setting 67

Questions 68