TLS, SSL, OMG, BBQ
What is TLS and how does this stuff work?

Terminology
- SSL - Secure Sockets Layer
- TLS - Transport Layer Security

History and Background

History
- 1995 - Netscape releases SSL 2.0
- 1996 - Netscape releases SSL 3.0
- 1999 - IETF releases TLS 1.0 (RFC 2246)
- 2006 - IETF releases TLS 1.1 (RFC 4346)
- 2008 - IETF releases TLS 1.2 (RFC 5246)
- TLS 1.3 in draft (github.com/tlswg/tls13-spec)

Problem
1. Confidentiality
2. Integrity
3. Identification

Broad types of cryptography
- Symmetric cryptography - both sides share the same key
- Asymmetric (public key) cryptography - each side has a different key

Public Key Cryptography
- Solves the key distribution problem
- Algorithms typically based on hard math problems
- Fills two roles
  - Digital signatures
  - Key exchange

Digital Signatures
- Allows a public verification key to be published
- A signer keeps the private signing key
- Messages from the signer can be verified
- Also protects integrity

Key Exchange
- Asymmetric crypto is far slower than symmetric cryptography
- Uses asymmetric crypto to set up a shared key, so both sides can switch to symmetric

Algorithms
- Digital Signatures - RSA, DSA, ECDSA
- Key Exchange - RSA, DH, ECDH

RSA Security
- Company founded by Ron Rivest, Adi Shamir, Leonard Adleman
- Built to develop crypto-based products and standards
- Held patent on RSA algorithm until September 2000

Public Key Cryptography Standards
- Developed by RSA Security to standardize usage of RSA
- Relied on ASN.1 as basic file format

ASN.1
- Abstract Syntax Notation One
- Describes a tree structure
- Typically uses Distinguished Encoding Rules (DER)
  - Binary format
  - Canonical representation

PEM Files
- Privacy Enhanced Mail (PEM)
  - Never really used (as a mail format)
- Base64 encoded DER data
- Have headers that describe the contents
  - -----BEGIN CERTIFICATE-----
- The "preferred" format for OpenSSL

File extensions
- Never well established
- The extension may describe the format but not the contents (.pem, .der)
- Or it may describe the contents but not the format (.cer, .crt, .key)

OpenSSL
- Fork of SSLeay
  - Created by Eric A. Young
  - Forked when he went to work for RSA Security
- By far the most popular open source TLS/SSL library

Working with Key Files

Generate an RSA Key

```
$ openssl genrsa -out demo.pem
Generating RSA private key, 2048 bit long modulus
...............................+++
.....................+++
e is 65537 (0x10001)
```

PKCS #1
- Original standard for RSA
- Describes storage of an RSA key in a file
- Still the preferred format for OpenSSL (but not Java)

View RSA PEM file (PKCS #1)

```
$ head demo.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAw2OAGP1sa0rm4BM9lmBdnB9hHhJz6LajSGB1eg6S+D0UXeop
1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa9zjFK8c3szynI/nCYkzpMlp8OcKM
lz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2nioiFNOaZ10lPRljmc9Wg/WvtyowMK
YUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQl76rxuljYODVf3g5tV6VVL9IxDtJ
HJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/utzHwGdBfyptHQDecwyG3jRy4Ztp
pXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7twIDAQABAoIBAEhZ8/lM/nTMi6m1
9jxU+tTxGblVA+7MkrIeZeIIu4uIsp4EM/EqK7xj0E6JnVNADkSe9rMhrgrVsPRs
YqKU/XFGaFzJrGqGry23Mq/L4x5uO0n4LK9kUJG34jjN8hBoq+IaStTWRTbtKeTL
ryYuw2leA4axiTeVKisCsoh9TdiWVg7Svt31B9oEcYD26EgVV7rkJwmNNdBss5Ds
```

View RSA Key Details

```
$ openssl rsa -text -in demo.pem | head
writing RSA key
Private-Key: (2048 bit)
modulus:
    00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60:
    5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e:
    92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27:
    5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29:
    41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9:
    c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15:
    03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59:
    6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53:
```

View RSA parse details (PKCS #1)

```
$ openssl asn1parse -in demo.pem
    0:d=0  hl=4 l=1187 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :C3638018FD6C6B4AE...
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :4859F3F94CFE74CC8...
  533:d=1  hl=3 l= 129 prim: INTEGER           :EA7858DA0442FCACA...
  665:d=1  hl=3 l= 129 prim: INTEGER           :D55478D835A975238...
  797:d=1  hl=3 l= 128 prim: INTEGER           :3F9086CDFC0FC8FE6...
  928:d=1  hl=3 l= 129 prim: INTEGER           :B15D41FBC0E1DB1A6...
 1060:d=1  hl=3 l= 128 prim: INTEGER           :41DAB94D9A546263F...
```

PKCS #8
- Expands key storage beyond RSA
- Preferred format for Java

Convert PKCS #1 key to PKCS #8

```
$ openssl pkcs8 -topk8 -nocrypt -in demo.pem -out demo.pk8
```

View RSA PEM file (PKCS #8)

```
$ head demo.pk8
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDY4AY/WxrSubg
Ez2WYF2cH2EeEnPotqNIYHV6DpL4PRRd6inUhMx20VbSJ13vr1aXnxHe7DkC82xs
KUHbM5r3OMUrxzezPKcj+cJiTOkyWnw5woyXPTmpFQNBnaFhX7PTABggavHrWWu+
6LUfaeKiIU05pnXSU9GWOZz1aD9a+3KjAwphSnmmzUds5hKc1qN+L5QGXRihP+re
dHjXQJCXvqvG6WNg4NV/eDm1XpVUv0jEO0kckgnF5T5GJZk652TNZU0OkmZ9Kcd8
n+846j+63MfAZ0F/Km0dAN5zDIbeNHLhm2mlcBupVNmOU1ppqWxi54HFYz2ZuO2D
LzQNKDu3AgMBAAECggEASFnz+Uz+dMyLqbX2PFT61PEZuVUD7sySsh5l4gi7i4iy
ngQz8SorvGPQTomdU0AORJ72syGuCtWw9GxiopT9cUZoXMmsaoavLbcyr8vjHm47
Sfgsr2RQkbfiOM3yEGir4hpK1NZFNu0p5MuvJi7DaV4DhrGJN5UqKwKyiH1N2JZW
```

View RSA parse details (PKCS #8)

```
$ openssl asn1parse -in demo.pk8
    0:d=0  hl=4 l=1213 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=2 l=  13 cons: SEQUENCE
    9:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim: NULL
   22:d=1  hl=4 l=1191 prim: OCTET STRING      [HEX DUMP]:308204A...
```
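As an added example (not part of the slides), a pure-Python reader that does what the PEM and asn1parse slides above show by hand: it unwraps PEM armour into DER and walks the DER tag/length/value tree, printing offset, depth, header length and length lines in the style of `openssl asn1parse`. The PKCS #8 structure it parses is constructed here, with a 4-byte placeholder in place of a real key.

```python
import base64
import re

# Universal tag numbers for the types seen in the asn1parse output above.
TAG_NAMES = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT",
             0x10: "SEQUENCE", 0x11: "SET", 0x13: "PRINTABLESTRING"}

def pem_to_der(text):
    """Strip the -----BEGIN/END label----- armour and base64-decode the DER inside."""
    m = re.search(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no PEM block with matching BEGIN/END labels")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def decode_oid(content):
    """OID content: the first byte packs the first two arcs, the rest are base-128 groups."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def asn1parse(der, offset=0, end=None, depth=0, out=None):
    """Walk DER tag-length-value triplets, emitting lines in the style of `openssl asn1parse`."""
    out = [] if out is None else out
    end = len(der) if end is None else end
    while offset < end:
        tag = der[offset]
        length, hl = der[offset + 1], 2
        if length & 0x80:                      # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length = int.from_bytes(der[offset + 2:offset + 2 + n], "big")
            hl = 2 + n
        if tag & 0xC0:                         # context-specific tag, e.g. the [0] around version
            name = "cont [ %d ]" % (tag & 0x1F)
        else:
            name = TAG_NAMES.get(tag & 0x1F, "<%02x>" % tag)
        content = der[offset + hl:offset + hl + length]
        extra = ""
        if tag == 0x06:
            extra = " :" + decode_oid(content)
        elif tag == 0x02:
            extra = " :" + content.hex().upper()
        kind = "cons" if tag & 0x20 else "prim"
        out.append("%d:d=%d hl=%d l=%d %s: %s%s" % (offset, depth, hl, length, kind, name, extra))
        if tag & 0x20:                         # constructed: descend into the content
            asn1parse(der, offset + hl, offset + hl + length, depth + 1, out)
        offset += hl + length
    return out

# Constructed sample, not a real key: a PKCS #8 wrapper shaped like demo.pk8 above, with a
# 4-byte placeholder where the PKCS #1 RSAPrivateKey would sit inside the OCTET STRING.
SAMPLE_DER = bytes.fromhex("3018" "020100" "300d" "06092a864886f70d010101" "0500" "0404deadbeef")
SAMPLE_PEM = ("-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END PRIVATE KEY-----\n")
```

Running `asn1parse(pem_to_der(SAMPLE_PEM)[1])` yields the same version / AlgorithmIdentifier (rsaEncryption, NULL) / OCTET STRING shape as the demo.pk8 output, with the OID printed in dotted form rather than by name.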

Get public key from private key

```
$ openssl rsa -pubout -in demo.pem -out demo_pub.pem
$ cat demo_pub.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd
nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa
9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni
oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ
l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/
utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7
twIDAQAB
-----END PUBLIC KEY-----
```

Convert PEM encoded key to DER encoded

```
$ openssl rsa -inform PEM -outform DER -in demo.pem -out demo.der
writing RSA key
$ xxd demo.der | head
00000000: 3082 04a3 0201 0002 8201 0100 c363 8018  0............c..
00000010: fd6c 6b4a e6e0 133d 9660 5d9c 1f61 1e12  .lkJ...=.`]..a..
00000020: 73e8 b6a3 4860 757a 0e92 f83d 145d ea29  s...H`uz...=.].)
00000030: d484 cc76 d156 d227 5def af56 979f 11de  ...v.V.']..V....
00000040: ec39 02f3 6c6c 2941 db33 9af7 38c5 2bc7  .9..ll)A.3..8.+.
00000050: 37b3 3ca7 23f9 c262 4ce9 325a 7c39 c28c  7.<.#..bL.2Z|9..
00000060: 973d 39a9 1503 419d a161 5fb3 d300 1820  .=9...A..a_....
00000070: 6af1 eb59 6bbe e8b5 1f69 e2a2 214d 39a6  j..Yk....i..!M9.
00000080: 75d2 53d1 9639 9cf5 683f 5afb 72a3 030a  u.S..9..h?Z.r...
00000090: 614a 79a6 cd47 6ce6 129c d6a3 7e2f 9406  aJy..Gl.....~/..
```

Working with Certificates

```
$ head braintree.pem
-----BEGIN CERTIFICATE-----
MIIHFzCCBf+gAwIBAgIQdlPhj8bBtjhpkzOjtu2ZGzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMzE3MDAwMDAwWhcNMTcwMzE2
MjM1OTU5WjCCAR0xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTUxMzEtMjAyMTET
MBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIU2FuIEpvc2UxFjAUBgNVBAkM
DTIyMTEgTiAxc3QgU3QxFTATBgNVBAoMDFBheVBhbCwgSW5jLjEdMBsGA1UECwwU
```

X.509 Certificate
- Format for digital certificates
- Uses ASN.1 for the basic file format
- Wraps a public key
- Specifies subject of certificate and issuer
- Contents are digitally signed by the issuer
- Lists lifetime of validity

View certificate information

```
$ openssl x509 -text -in braintree.pem | head -n 20
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:53:e1:8f:c6:c1:b6:38:69:93:33:a3:b6:ed:99:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust N...
        Validity
            Not Before: Mar 17 00:00:00 2015 GMT
            Not After : Mar 16 23:59:59 2017 GMT
        Subject: jurisdictionC=US/jurisdictionST=Delaware/busines...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:55:07:7c:a2:89:f5:4f:a0:d2:80:82:63:
                    d6:09:a1:86:19:e3:68:52:f5:49:66:d9:d7:e9:61:
                    33:77:3c:04:8b:cc:43:99:b5:e3:b9:a1:23:40:a9:
                    26:32:8c:fe:60:31:eb:5d:da:2d:42:3e:4a:0b:a9:
                    e7:d3:17:19:bf:8a:7b:3e:37:2a:f2:dd:3e:4c:62:
```

X.509 Extensions

```
$ openssl x509 -text -in braintree.pem
...
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.braintreepayments.com
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
...
```

Extract public key from certificate

```
$ openssl x509 -pubkey -noout -in braintree.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I5VB3yiifVPoNKAgmPW
CaGGGeNoUvVJZtnX6WEzdzwEi8xDmbXjuaEjQKkmMoz+YDHrXdotQj5KC6nn0xcZ
v4p7Pjcq8t0+TGKSp+dJr1Fk0Tx9i7Fk+Lq2yEfQYGymyuzmDk4pzwbMkzMjuqkw
lWMxErPshjynBK5g4TEc8pTCYtX39mVMPhXdcj3V6auk3ubbgpbz5DCyh0JiwnNK
84sA8ydCFs4csF9g3hJYws/J6KL9jxDfLkf5jWQLA6inxyX1zRKRwrlOyTCFIs6X
KGBr5Cjei6NI/9NYCLClxcfKJ6qDpCOf6PZj3JTk9fzF3KMrPWoc7SRE1MwfYX63
cwIDAQAB
-----END PUBLIC KEY-----
```

View certificate parse details

```
$ openssl asn1parse -in braintree.pem | head -n 20
    0:d=0  hl=4 l=1815 cons: SEQUENCE
    4:d=1  hl=4 l=1535 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :7653E18FC6C1B638699333A3B6ED991B
   31:d=2  hl=2 l=  13 cons: SEQUENCE
   33:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   44:d=3  hl=2 l=   0 prim: NULL
   46:d=2  hl=2 l= 119 cons: SEQUENCE
   48:d=3  hl=2 l=  11 cons: SET
   50:d=4  hl=2 l=   9 cons: SEQUENCE
   52:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   57:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :US
   61:d=3  hl=2 l=  29 cons: SET
   63:d=4  hl=2 l=  27 cons: SEQUENCE
   65:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   70:d=5  hl=2 l=  20 prim: PRINTABLESTRING   :Symantec Corporation
   92:d=3  hl=2 l=  31 cons: SET
   94:d=4  hl=2 l=  29 cons: SEQUENCE
   96:d=5  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
```

X.509 Certificate Request
- Sent to a certificate authority
- Contains the public key for the certificate
- Requestor signs the contents

Generate a certificate request

```
$ openssl req -new -key demo.pem -out demo.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Illinois
Locality Name (eg, city) []:Chicago
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PayPal
Organizational Unit Name (eg, section) []:Braintree
Common Name (e.g. server FQDN or YOUR name) []:demo.braintreepayments.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
```

View certificate request

```
$ openssl req -text -in demo.csr | head -n 20
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Illinois, L=Chicago, O=PayPal, OU=Braintree, CN=demo.braintreepayments.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:80:18:fd:6c:6b:4a:e6:e0:13:3d:96:60:
                    5d:9c:1f:61:1e:12:73:e8:b6:a3:48:60:75:7a:0e:
                    92:f8:3d:14:5d:ea:29:d4:84:cc:76:d1:56:d2:27:
                    5d:ef:af:56:97:9f:11:de:ec:39:02:f3:6c:6c:29:
                    41:db:33:9a:f7:38:c5:2b:c7:37:b3:3c:a7:23:f9:
                    c2:62:4c:e9:32:5a:7c:39:c2:8c:97:3d:39:a9:15:
                    03:41:9d:a1:61:5f:b3:d3:00:18:20:6a:f1:eb:59:
                    6b:be:e8:b5:1f:69:e2:a2:21:4d:39:a6:75:d2:53:
                    d1:96:39:9c:f5:68:3f:5a:fb:72:a3:03:0a:61:4a:
                    79:a6:cd:47:6c:e6:12:9c:d6:a3:7e:2f:94:06:5d:
                    18:a1:3f:ea:de:74:78:d7:40:90:97:be:ab:c6:e9:
                    63:60:e0:d5:7f:78:39:b5:5e:95:54:bf:48:c4:3b:
```

Extract public key from certificate request

```
$ openssl req -pubkey -in demo.csr -noout
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OAGP1sa0rm4BM9lmBd
nB9hHhJz6LajSGB1eg6S+D0UXeop1ITMdtFW0idd769Wl58R3uw5AvNsbClB2zOa
9zjFK8c3szynI/nCYkzpMlp8OcKMlz05qRUDQZ2hYV+z0wAYIGrx61lrvui1H2ni
oiFNOaZ10lPRljmc9Wg/WvtyowMKYUp5ps1HbOYSnNajfi+UBl0YoT/q3nR410CQ
l76rxuljYODVf3g5tV6VVL9IxDtJHJIJxeU+RiWZOudkzWVNDpJmfSnHfJ/vOOo/
utzHwGdBfyptHQDecwyG3jRy4ZtppXAbqVTZjlNaaalsYueBxWM9mbjtgy80DSg7
twIDAQAB
-----END PUBLIC KEY-----
```

Debugging Connections

curl

```
$ curl -vI https://www.braintreepayments.com
* Rebuilt URL to: https://www.braintreepayments.com/
*   Trying 204.109.13.115...
* Connected to www.braintreepayments.com (204.109.13.115) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: www.braintreepayments.com
* Server certificate: Symantec Class 3 EV SSL CA - G3
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
> HEAD / HTTP/1.1
> Host: www.braintreepayments.com
> User-Agent: curl/7.43.0
> Accept: */*
```

openssl s_client

```
$ openssl s_client -connect www.braintreepayments.com:443
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary...
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network...
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Net...
verify return:1
depth=0 jurisdictionC = US, jurisdictionST = Delaware, businessCa... OU = Braintree Production, CN = www.braintreepayments.com
verify return:1
---
Certificate chain
 0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=P... intreepayments.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy...
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Sy...
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006...
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006...
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certificati...
...
```

openssl s_client

```
$ openssl s_client -connect www.braintreepayments.com:443
...
SSL handshake has read 5063 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 387E121C8195A337BC24EDAB3962627E01E974841E039D4D3...
    Session-ID-ctx:
    Master-Key: B158E366C9D89BC74C7CD183CDF4AC0498899D9ED2D6A00CA...
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    ...snip...
    Start Time: 1446134858
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
```

sslyze

```
$ brew install sslyze
$ sslyze --regular www.braintreepayments.com:443
...
 SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443 - 204.109.13.115:443
 -------------------------------------------------------------------
...snip...
  * Certificate - Content:
      SHA1 Fingerprint:                  8ab0dc85c10af4c0e396e7586c85a3b74a39aa91
      Common Name:                       www.braintreepayments.com
      Issuer:                            Symantec Class 3 EV SSL CA - G3
      Serial Number:                     7653E18FC6C1B638699333A3B6ED991B
      Not Before:                        Mar 17 00:00:00 2015 GMT
      Not After:                         Mar 16 23:59:59 2017 GMT
      Signature Algorithm:               sha256WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['www.braintreepayments.com']}
...
```

sslyze

```
$ sslyze --regular www.braintreepayments.com:443
...
 SCAN RESULTS FOR WWW.BRAINTREEPAYMENTS.COM:443 - 204.109.13.115:443
 -------------------------------------------------------------------
...snip...
  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Google CA Store (09/2015):         OK - Certificate is trusted
      Java 6 CA Store (Update 65):       OK - Certificate is trusted
      Microsoft CA Store (09/2015):      OK - Certificate is trusted
      Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
      Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
      Certificate Chain Received:        ['www.braintreepayments.com', 'Symantec Cl...
...
```

Random Notes
- OpenSSL does not ship with any root certificates
  - Operating systems and browsers do
  - On Linux these are generally gathered from the Mozilla list
- OpenSSL on OS X
  - Contains special patches which cause it to fall back to the OS X keystore
  - The version is super old

SSL Labs
https://www.ssllabs.com

How TLS Works

Client Hello
- Protocol version the client wants (e.g. TLS 1.2)
- Ciphers the client supports
- Extensions (introduced after TLS 1.0, but in a backward-compatible way)
  - Server Name Indication (SNI)

Server Name Indication
- Allows a client to tell a server which vhost it wants
- Without it, every hostname needs its own IP
  - Can be expensive for hosting
  - The host information otherwise arrives only after the TLS handshake (HTTP Host header)
- SNI support is still not 100%
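To make the Client Hello fields and the SNI extension concrete, an added example (not from the slides) that builds a minimal TLS 1.2 ClientHello record carrying a server_name extension and parses it back out. It uses the hostname and two cipher suites that appear in the curl and s_client output earlier in this deck; the all-zero client random is a placeholder, not something a real client would send.

```python
import struct

# Code points for two suites that appear in the curl and s_client output in this deck.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F

def sni_extension(host):
    """server_name extension (type 0): a list holding one host_name (name_type 0) entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    lst = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(lst)) + lst

def build_client_hello(host, cipher_suites, client_random=bytes(32)):
    """TLS 1.2 ClientHello in a handshake record; the all-zero client_random is a placeholder."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    ext = sni_extension(host)
    body = (b"\x03\x03" + client_random + b"\x00"            # client_version, random, empty session id
            + struct.pack("!H", len(suites)) + suites        # cipher suites the client supports
            + b"\x01\x00"                                    # one compression method: null
            + struct.pack("!H", len(ext)) + ext)             # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello (1)
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record: handshake, legacy version

def parse_client_hello(record):
    """Pull the version, offered cipher suites and SNI host out of a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = (body[0], body[1])
    pos = 2 + 32                                             # skip client random
    pos += 1 + body[pos]                                     # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                     # skip compression methods
    sni = None
    if pos < len(body):                                      # extensions are optional (post TLS 1.0)
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0x0000:                              # server_name: list len, name_type, name len
                name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                sni = body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += elen
    return {"version": version, "cipher_suites": suites, "sni": sni}
```

Because the extensions block is optional, a hello from a client that predates SNI parses the same way and simply reports no server name, which is exactly the case where the server has to fall back to a default vhost.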

Server Hello
- Server picks protocol and cipher suite
- Provides some session re-negotiation values

Server Certificate
- Server provides its certificate and any intermediates necessary

Client Certificate [optional]
- Server asks the client to provide a certificate
  - Indicates what parameters would be allowed
- Client sends its own certificate and any intermediates

Change Cipher Spec
- Indicates the end of the handshake
- Following the Finished message, data will be encrypted

TLS Verification

Pitfalls
1. Not verifying the certificate chain
2. Not verifying the hostname
3. Using a broken library

```
$ curl -k https://example.com
```

or

```
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
```

Pitfalls
1. Not verifying the certificate chain
2. Not verifying the hostname
3. Using a broken library

- Hostname verification is protocol dependent
- OpenSSL doesn't have it built in
- Also, some people just turn it off:

```
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
```

Pitfalls
1. Not verifying the certificate chain
2. Not verifying the hostname
3. Using a broken library

Recommendations
- Do ensure you're validating connections
- Lean on a framework/library if possible
  - But check that it also does the right thing
- Set up an automated test to validate this setting
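An added example (not from the slides) of the automated check the last recommendation asks for, written against Python's standard `ssl` module: it flags a client context whose chain or hostname verification has been switched off (the equivalent of the `curl -k` and `CURLOPT_SSL_VERIFY*` settings in the pitfall slides) or that has no root store loaded, and shows the hostname-to-SAN match a library has to perform itself, since OpenSSL does not do it for you. The function names are this example's own.

```python
import ssl

def make_client_context(verify=True):
    """Client context; verify=False reproduces the curl -k / VERIFYPEER=0 / VERIFYHOST=0 mistake."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED + check_hostname, loads the OS trust store
    if not verify:
        ctx.check_hostname = False           # must be cleared before verify_mode can be lowered
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def verification_problems(ctx):
    """Pitfalls 1 and 2 plus the missing-root-store note, as a check to run against the context you ship."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not verified")
    if ctx.cert_store_stats()["x509_ca"] == 0:
        problems.append("no root certificates loaded (OpenSSL ships none)")
    return problems

def hostname_matches(host, dns_names):
    """Match a requested host against the certificate's DNS SANs (the check OpenSSL itself
    does not do for you): exact match, or a wildcard covering exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            suffix = name[1:]                        # ".example.com"
            prefix = host[:-len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:         # a.example.com matches, a.b.example.com does not
                return True
    return False
```

Point `verification_problems` at the context your application actually builds and fail the test on any non-empty result; that is the regression check that catches a later "temporary" VERIFYPEER=0 before it ships.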

Questions