Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

The Sorry State Of SSL by Hynek Schlawack

Avatar for PyCon 2014 PyCon 2014
April 12, 2014
Technology
2
560

The Sorry State Of SSL by Hynek Schlawack

Avatar for PyCon 2014

PyCon 2014

April 12, 2014
Tweet

More Decks by PyCon 2014

See All by PyCon 2014
Postgres Performance for Humans by Craig Kerstiens
Avatar for PyCon 2014 pycon2014
29
3.7k
Technical Onboarding, Training, and Mentoring by Kate Heddleston and Nicole Zuckerman
Avatar for PyCon 2014 pycon2014
1
2.4k
"My big gay adventure. Making, releasing and selling an indie game made in python." by Luke Miller
Avatar for PyCon 2014 pycon2014
2
1.6k
Farewell and Welcome Home, Python in Two Genders by Naomi_Ceder
Avatar for PyCon 2014 pycon2014
1
760
Deliver Your Software in an Envelope by Augie Fackler and Nathaniel Manista
Avatar for PyCon 2014 pycon2014
1
580
Hitchhikers Guide to Free and Open Source Participation by Elena Williams
Avatar for PyCon 2014 pycon2014
6
1.2k
Localization Revisted (aka. Translations Evolved) by Ruchi Varshney
Avatar for PyCon 2014 pycon2014
0
720
Smart Dumpster by Bradley E. Angell
Avatar for PyCon 2014 pycon2014
0
550
Software Engineering for Hackers: Bridging the Two Solitudes by Tavish Armstrong
Avatar for PyCon 2014 pycon2014
0
760

Other Decks in Technology

See All in Technology
EM歴1年10ヶ月のぼくがぶち当たった苦悩とこれからへ向けて
Avatar for maaaato maaaato
0
270
Bakuraku Engineering Team Deck
Avatar for LayerX layerx
PRO
12
7k
因果AIへの招待
Avatar for Shohei SHIMIZU sshimizu2006
0
910
「Managed Instances」と「durable functions」で広がるAWS Lambdaのユースケース
Avatar for Lamaglama39 lamaglama39
0
260
RAG/Agent開発のアップデートまとめ
Avatar for sakai taka0709
0
130
Oracle Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
2
110
LLM-Readyなデータ基盤を高速に構築するためのアジャイルデータモデリングの実例
Avatar for Kashira kashira
0
210
【pmconf2025】PdMの「責任感」がチームを弱くする?「分業型」から全員がユーザー価値に本気で向き合う「共創型開発チーム」への変遷
Avatar for Toshimasa Sekine toshimasa012345
0
260
Noを伝える技術2025: 爆速合意形成のためのNICOフレームワーク速習 #pmconf2025
Avatar for Aki / @LoveIdahoBurger aki_iinuma
2
2k
著者と読み解くAIエージェント現場導入の勘所 Lancers TechBook#2
Avatar for Shumpei Miyawaki smiyawaki0820
12
5.8k
Karate+Database RiderによるAPI自動テスト導入工数をCline+GitLab MCPを使って2割削減を目指す! / 20251206 Kazuki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
460
Ruby で作る大規模イベントネットワーク構築・運用支援システム TTDB
Avatar for Taketo Takashima taketo1113
1
190

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
9
1k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
269
13k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.8k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.3k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
19k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
280
24k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k

Transcript

  1. THE SORRY STATE OF SSL Hynek Schlawack

  2. @hynek https://hynek.me https://github.com/hynek https://www.variomedia.de Hi!

  3. None
  4. None
  5. None

  6. ONLY LINK ox.cx/t

  7. WTF

  8. WTF SSL

  9. WTF SSL & TLS

  10. TIMELINE

  11. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape

  12. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape

  13. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF

  14. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1

  15. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1 2008: TLS 1.2

  16. 2013

  17. 2013 • newfound scrutiny

  18. 2013 • newfound scrutiny • browsers add TLS 1.2

  19. 2013 • newfound scrutiny • browsers add TLS 1.2 •

    just using TLS not enough

  20. TLS

  21. TLS • identity

  22. TLS • identity • confidentiality

  23. TLS • identity • confidentiality • integrity

  24. TLS HYGIENE

  25. SERVERS

  26. BE UP-TO-DATE • OpenSSL >= 1.0.1c • Apache >= 2.4.0

    • nginx >= 1.0.6 or 1.1.0

  27. CERTIFICATES • identity • validity

  28. CERTIFICATES • identity • validity • CA sig

  29. CERTIFICATES • identity • validity • CA sig

  30. CERTIFICATES • identity • validity • CA sig

  31. CERTIFICATES • identity • validity • CA sig

  32. CERTIFICATES • identity • validity • CA sig

  33. EXTENDED VALIDATION CERTIFICATES

  34. EXTENDED VALIDATION CERTIFICATES

  35. TRUST CHAIN

  36. TRUST CHAIN

  37. TRUST CHAIN

  38. CERTIFICATES • trust chain

  39. CERTIFICATES • trust chain • host name/service

  40. CERTIFICATES • trust chain • host name/service • already/still valid?

  41. DISABLE • SSL 2.0

  42. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

  43. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

    • TLS compression

  44. CIPHER SUITES

  45. CIPHER

  46. CIPHER Cipher

  47. CIPHER Cipher Plaintext

  48. CIPHER Cipher Plaintext

  49. CIPHER Cipher Ciphertext Plaintext

  50. Ciphertext CIPHER Cipher Plaintext

  51. CIPHER: MODE

  52. CIPHER: MODE • CBC

  53. CIPHER: MODE • CBC • stream ciphers

  54. CIPHER: MODE • CBC • stream ciphers • GCM

  55. ENCRYPTION: PREFER THIS

  56. ENCRYPTION: PREFER THIS AES128-GCM &

  57. ENCRYPTION: PREFER THIS AES128-GCM & ChaCha20

  58. ENCRYPTION: FALL BACK TO AES128-CBC

  59. ENCRYPTION: IF LIFE IS CRUEL TO YOU 3DES-CBC

  60. ENCRYPTION: EOL

  61. ENCRYPTION: DANGEROUS • EXP-*

  62. ENCRYPTION: DANGEROUS • EXP-* • DES

  63. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  64. KEY EXCHANGE

  65. KEY EXCHANGE fast PFS RSA ✔️ ❌

  66. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

  67. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  68. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  69. INTEGRITY: MACS • Message Authentication Code

  70. INTEGRITY: MACS • Message Authentication Code • HMAC

  71. INTEGRITY: MACS • Message Authentication Code • HMAC • GCM

  72. HAVE THE LAST WORD

  73. YOU’RE DONE!

  74. YOU’RE DONE! (but test your results!)

  75. CERTIFICATE

  76. CERTIFICATE

  77. CERTIFICATE

  78. CERTIFICATE

  79. CERTIFICATE

  80. CERTIFICATE

  81. CERTIFICATE

  82. PROTOCOLS

  83. PROTOCOLS

  84. PROTOCOLS

  85. PROTOCOLS

  86. CIPHER SUITES

  87. CIPHER SUITES

  88. CIPHER SUITES

  89. CIPHER SUITES

  90. CIPHER SUITES

  91. CIPHER SUITES

  92. CIPHER SUITES

  93. CIPHER SUITES

  94. CLIENTS

  95. YOU HAD ONE JOB!

  96. YOU HAD ONE JOB! VERIFY!

  97. VERIFY THE CERTIFICATE! • valid?

  98. VERIFY THE CERTIFICATE! • valid? • trustworthy chain?

  99. VERIFY THE CERTIFICATE! • valid? • trustworthy chain? • correct

    hostname/service?

  100. TRUST CHAIN

  101. TRUST CHAIN • VERIFY_PEER

  102. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent

  103. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent •

    SSL_CTX_set_default_ verify_paths

  104. SYSTEM CA • FreeBSD: ca_root_nss

  105. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates

  106. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew

  107. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore

  108. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore • or: Mozilla/certifi

  109. HOSTNAME VERIFICATION OpenSSL to developers:

  110. HOSTNAME VERIFICATION OpenSSL to developers: LOL

  111. DON’T VERIFY TRUST CHAIN I can pretend to be Google

    with any self-signed certificate.

  112. DON’T VERIFY HOSTNAME I can pretend to be Google with

    any valid certificate.
  113. None

  114. SET SOME OPTIONS • acceptable ciphers • disable SSL 2.0

  115. THAT’S ALL!

  116. USERS

  117. FUNDAMENTAL MISCONCEPTIONS

  118. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security

  119. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security • metadata

  120. VPN?

  121. VPN? • sees all your traffic

  122. VPN? • sees all your traffic • same for CDN

  123. CERTIFICATE WARNINIGS

  124. CERTIFICATE WARNINIGS

  125. ROOT CERTIFICATE POISONING

  126. TRUST ISSUES

  127. TRUST ISSUES

  128. TRUST ISSUES

  129. TRUST ISSUES

  130. TRUST ISSUES • hacked

  131. TRUST ISSUES • hacked • screw up

  132. TRUST ISSUES • hacked • screw up • court orders

  133. TRUST ISSUES • hacked • screw up • court orders

    • big corp
  134. None

  135. DON’T DO IT YOURSELF IF YOU CAN HELP IT. Rule

    of Thumb

  136. STANDARD LIBRARY VS. PYOPENSSL

  137. STANDARD LIBRARY

  138. STANDARD LIBRARY • terrible pre-3.3

  139. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

  140. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible

  141. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options

  142. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options • bound to Python’s OpenSSL

  143. HOSTNAME VERIFICATION 3.2– from ssl import match_hostname 2.4–2.7 pip install

    backports.ssl_match_hostname

  144. PYOPENSSL

  145. PYOPENSSL • Python 2.6+, 3.2+, and PyPy

  146. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage

  147. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage • no server ECDHE (yet)

  148. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage • no server ECDHE (yet) • cryptography!

  149. CRYPTOGRAPHY.IO

  150. CRYPTOGRAPHY.IO • Python crypto w/o footguns

  151. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyPy ♥ cffi

  152. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyPy ♥ cffi

    • SecureTransport is coming!

  153. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyPy ♥ cffi

    • SecureTransport is coming! • gives pyOpenSSL momentum

  154. HOSTNAME VERIFICATION service_identity

  155. LIBRARIES & FRAMEWORKS

  156. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌

  157. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️

  158. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  159. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  160. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌

  161. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌

  162. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL opt-in opt-in ✔️

  163. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL opt-in opt-in ✔️ urllib2 stdlib ❌ ❌ ❌

  164. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL opt-in opt-in ✔️ urllib2 stdlib ❌ ❌ ❌ urllib3/requests hybrid ✔️ ✔️ ✔️

  165. SUMMARY

  166. SUMMARY • keep TLS out of Python if you can

  167. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS

  168. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted

  169. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL

  170. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL • use Python 2 stdlib only for clients

  171. WHY SORRY?

  172. IMPLEMENTATIONS

  173. IMPLEMENTATIONS

  174. USERS

  175. USERS • run outdated software

  176. USERS • run outdated software • click certificate warnings away

  177. USERS • run outdated software • click certificate warnings away

    • are at the mercy of 3rd parties

  178. SERVERS

  179. SERVERS

  180. CLIENTS

  181. CLIENTS

  182. PYTHON Is at the forefront of terrible.

  183. HOPE

  184. HOPE • people care again

  185. HOPE • people care again • stdlib

  186. HOPE • people care again • stdlib • PyCA

  187. CALLS TO ACTION

  188. CALLS TO ACTION

  189. CALLS TO ACTION

  190. CALLS TO ACTION

  191. CALLS TO ACTION

  192. ox.cx/t @hynek Crypto Open Space!