The Sorry State Of SSL by Hynek Schlawack
PyCon 2014
April 12, 2014
Transcript
THE SORRY STATE OF SSL Hynek Schlawack
@hynek https://hynek.me https://github.com/hynek https://www.variomedia.de Hi!
ONLY LINK ox.cx/t
WTF SSL & TLS
TIMELINE
• 1995: Secure Sockets Layer 2.0, Netscape
• 1996: SSL 3.0, still Netscape
• 1999: Transport Layer Security 1.0, IETF
• 2006: TLS 1.1
• 2008: TLS 1.2
2013
• newfound scrutiny
• browsers add TLS 1.2
• just using TLS not enough
TLS
• identity
• confidentiality
• integrity
TLS HYGIENE
SERVERS
BE UP-TO-DATE
• OpenSSL >= 1.0.1c
• Apache >= 2.4.0
• nginx >= 1.0.6 or 1.1.0
CERTIFICATES
• identity
• validity
• CA sig
EXTENDED VALIDATION CERTIFICATES
TRUST CHAIN
CERTIFICATES
• trust chain
• host name/service
• already/still valid?
DISABLE
• SSL 2.0
• SSL 3.0 (if you can)
• TLS compression
CIPHER SUITES
CIPHER (diagram labels: Plaintext, Cipher, Ciphertext)
CIPHER: MODE
• CBC
• stream ciphers
• GCM
ENCRYPTION: PREFER THIS
• AES128-GCM & ChaCha20
ENCRYPTION: FALL BACK TO AES128-CBC
ENCRYPTION: IF LIFE IS CRUEL TO YOU 3DES-CBC
ENCRYPTION: EOL
ENCRYPTION: DANGEROUS
• EXP-*
• DES
• RC4
KEY EXCHANGE
        fast  PFS
RSA     ✔️    ❌
DHE     ❌    ✔️
ECDHE   ✔️    ✔️
INTEGRITY: MACS
• Message Authentication Code
• HMAC
• GCM
HAVE THE LAST WORD
YOU’RE DONE! (but test your results!)
CERTIFICATE
PROTOCOLS
CIPHER SUITES
CLIENTS
YOU HAD ONE JOB! VERIFY!
VERIFY THE CERTIFICATE!
• valid?
• trustworthy chain?
• correct hostname/service?
TRUST CHAIN
• VERIFY_PEER
• trust stores OS dependent
• SSL_CTX_set_default_verify_paths
SYSTEM CA
• FreeBSD: ca_root_nss
• Debian/Red Hat: ca-certificates
• OS X: TEA or homebrew
• Windows: wincertstore
• or: Mozilla/certifi
HOSTNAME VERIFICATION
• OpenSSL to developers: LOL
DON’T VERIFY TRUST CHAIN
• I can pretend to be Google with any self-signed certificate.
DON’T VERIFY HOSTNAME
• I can pretend to be Google with any valid certificate.
SET SOME OPTIONS
• acceptable ciphers
• disable SSL 2.0
THAT’S ALL!
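Added example, not from the talk or from any project it names: the client checklist above as a Python 3.7+ `ssl` context, next to the failure mode the slides warn about, with an audit function that reports which checklist items a context fails. The helper names, the cipher string and the TLS 1.2 floor are assumptions made for this illustration.

```python
import ssl

# Preference order from the slides: ECDHE key exchange with AES-GCM or ChaCha20
# first, AES128-CBC as fallback; EXP-*, DES and RC4 are excluded outright.
CIPHERS = ("ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES128:"
           "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5")


def hardened_client_context(cafile=None):
    """Client context that verifies chain and hostname (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED      # trust chain (VERIFY_PEER)
    ctx.check_hostname = True                # hostname/service match
    if cafile:
        ctx.load_verify_locations(cafile=cafile)   # e.g. a certifi bundle
    else:
        ctx.load_default_certs()             # OS-dependent system trust store
    # Assumption beyond the slides: a TLS 1.2 floor, which also rules out
    # SSL 2.0 and SSL 3.0.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION     # TLS compression off
    ctx.set_ciphers(CIPHERS)
    return ctx


def audit(ctx):
    """Return the slide checklist items that this context fails."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("trust chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not verified")
    if not ctx.options & ssl.OP_NO_SSLv3:
        findings.append("SSL 3.0 not disabled")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    weak = [c["name"] for c in ctx.get_ciphers()
            if c["name"].startswith("EXP-") or "RC4" in c["name"]
            or "DES-CBC-" in c["name"]]
    if weak:
        findings.append("dangerous ciphers: " + ", ".join(weak))
    return findings


def weak_client_context():
    """The failure mode from the slides: verification switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

Running `audit()` over every context an application builds is a cheap regression check against someone disabling verification "temporarily".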
USERS
FUNDAMENTAL MISCONCEPTIONS
• no end-to-end security
• metadata
VPN?
• sees all your traffic
• same for CDN
CERTIFICATE WARNINGS
ROOT CERTIFICATE POISONING
TRUST ISSUES
• hacked
• screw up
• court orders
• big corp
Rule of Thumb: DON’T DO IT YOURSELF IF YOU CAN HELP IT.
STANDARD LIBRARY VS. PYOPENSSL
STANDARD LIBRARY
• terrible pre-3.3
• very incomplete in 2.7
• PFS impossible
• missing options
• bound to Python’s OpenSSL
HOSTNAME VERIFICATION
• 3.2–: from ssl import match_hostname
• 2.4–2.7: pip install backports.ssl_match_hostname
PYOPENSSL
• Python 2.6+, 3.2+, and PyPy
• more complete API coverage
• no server ECDHE (yet)
• cryptography!
CRYPTOGRAPHY.IO
• Python crypto w/o footguns
• PyPy ♥ cffi
• SecureTransport is coming!
• gives pyOpenSSL momentum
HOSTNAME VERIFICATION service_identity
LIBRARIES & FRAMEWORKS
SERVERS
                 lib          PFS  good defaults  configurable
eventlet         hybrid       ❌   ❌             ❌
gevent           stdlib       ❌   ❌             ❌
gunicorn         depends      ❌   ❌             ❌
Tornado          stdlib       ❌   ❌             ❌
Twisted 14.0     pyOpenSSL    ✔️   ✔️             ✔️
uWSGI            own C code   ✔️   ❌             ✔️
CLIENTS
                 lib          verifies certificates  verifies hostnames  good defaults
eventlet         hybrid       ❌                     ❌                  ❌
gevent           stdlib       ❌                     ❌                  ❌
Tornado          stdlib       ✔️                     ✔️                  ❌
Twisted 14.0     pyOpenSSL    opt-in                 opt-in              ✔️
urllib2          stdlib       ❌                     ❌                  ❌
urllib3/requests hybrid       ✔️                     ✔️                  ✔️
SUMMARY
• keep TLS out of Python if you can
• use pyOpenSSL-powered requests for HTTPS
• write servers in Twisted
• use pyOpenSSL
• use Python 2 stdlib only for clients
WHY SORRY?
IMPLEMENTATIONS
USERS
• run outdated software
• click certificate warnings away
• are at the mercy of 3rd parties
SERVERS
CLIENTS
PYTHON Is at the forefront of terrible.
HOPE
• people care again
• stdlib
• PyCA
CALLS TO ACTION
ox.cx/t @hynek Crypto Open Space!