Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
『プロフェッショナルSSL/TLS』読書会 第9章資料
Search
sylph01
June 22, 2018
Technology
0
82
『プロフェッショナルSSL/TLS』読書会 第9章資料
sylph01
June 22, 2018
Tweet
Share
More Decks by sylph01
See All by sylph01
Updates on MLS on Ruby (and maybe more)
sylph01
1
180
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
88
PicoRuby's Networking is Incomplete
sylph01
1
43
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.6k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
130
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
600
Introduction to C Extensions
sylph01
3
210
"Actual" Security in Microcontroller Ruby!?
sylph01
0
150
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
72
Other Decks in Technology
See All in Technology
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
tsukaman
2
460
これでもう迷わない!Jetpack Composeの書き方実践ガイド
zozotech
PRO
0
1.1k
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
2
190
20250912_RPALT_データを集める→とっ散らかる問題_Obsidian紹介
ratsbane666
0
100
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
450
「Linux」という言葉が指すもの
sat
PRO
4
140
「その開発、認知負荷高すぎませんか?」Platform Engineeringで始める開発者体験カイゼン術
sansantech
PRO
2
510
OCI Oracle Database Services新機能アップデート(2025/06-2025/08)
oracle4engineer
PRO
0
180
5分でカオスエンジニアリングを分かった気になろう
pandayumi
0
260
Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」
shisyu_gaku
0
330
会社紹介資料 / Sansan Company Profile
sansan33
PRO
6
380k
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
1.1k
Featured
See All Featured
Embracing the Ebb and Flow
colly
87
4.8k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
The Language of Interfaces
destraynor
161
25k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
930
Code Review Best Practice
trishagee
71
19k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
127
53k
It's Worth the Effort
3n
187
28k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.7k
Writing Fast Ruby
sferik
628
62k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Transcript
ୈ9ষ: ύϑΥʔϚϯε ࠷దԽ @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ ॻձ Ryo Kajiwara (@s01), 6/22/2018
TLS͍ ͱ͓ʔ͡ΌΜʁ
9.1 Ԇͱଓͷཧ TCPϨΠϠʔͷɻ • ଳҬ: ͓ۚͰղܾͩʂ • Ԇ: ޫͷ͞Λॻ͖͑Δʹ͍͘ΒੵΊ͍͍Ͱ͔͢
9.1 Ԇͱଓͷཧ [ఆٛ] RTT(round trip time): ϦΫΤετ͕తʹ౸ୡ͠Ϩεϙϯ ε͕ฦͬͯ͘Δ·Ͱʹ͔͔Δ࣌ؒɻ ͜͜Ͱαʔόͷॲཧ࣌ؒແࢹ͞Ε͍ͯΔͱࢥͬͯΑ͍ɻཁ͢ Δʹʢޫͷ͞ҰఆͱԾఆ͠ʣέʔϒϧͷԟ෮Ͱͷ͞ͱؔ
͕͋Δɻ 3way handshake1.5RTTɻͨͩ͠ΫϥΠΞϯτ͔Β௨৴Λ։࢝͢ ΔHTTPͳͲACKͱಉ࣌ʹΞϓϦέʔγϣϯσʔλΛૹ৴͢Δͷ Ͱ1RTTɻ
9.1.1 TCPͷ࠷దԽ TCP slow start: TCPͷ੍ޚํࣜɻ ૬ख͕ͲΕ͘Β͍ͷΛग़ͤΔ͔Θ͔Βͳ͍ͷͰɺ࠷ॳখ͞ ͳΟϯυ(congestion window)Λ͍ɺঃʑʹͦͷαΠζΛ ্͍͛ͯ͘ɻ
(7ষͷղઆͰHEIST߈ܸΛղઆͨ͠ࡍʹઆ໌ͨ͠Α͏ͳؾ͕͢Δ) HTTPଓ໋ͳͷͰcwnd͕খ͍͞ঢ়ଶͰӡ༻͞Ε͕ͪɻTLSϋ ϯυγΣΠΫଓͷ࠷ॳʹى͜ΔͷͰখ͍͞cwndͷӨڹΛड͚ ͕ͪɻ
9.1.1 TCPͷ࠷దԽ • Οϯυॳظͷνϡʔχϯά • ࠷ۙ10 segment㲈15KBΛॳظͱ͢Δͷ͕ਪ • idleޙͷslow startࢭ
• /etc/sysctl.conf ʹͯ net.ipv4.tcp_slow_start_after_idle=0
9.1.2 ଓͷ࣋ଓੑ TCPϋϯυγΣΠΫ/TLSϋϯυγΣΠΫ͕ԆͷӨڹΛड͚͕ͪ (RTTΛ૿͕ͪ͠)ͳͷͰଓΛ։͖ͬͺʹ͍ͨ͠ɻˠkeep-alive ͨͩ͠ରԠෆेͳWebαʔό͕ͨ·ʹ͍Δɻ ҎԼͷέʔεͰ༗ར/ෆར: (+) ΫϥΠΞϯτ͕ಉ͡αʔόʔʹͨ͘͞ΜͷϦΫΤετΛ͢Δ (-) ΫϥΠΞϯτ͕αʔόʔʹ1ճ͔͠ϦΫΤετΛ͠ͳ͍
9.1.3 SPDY, HTTP/2 ΈΜͳେ͖H2ͷɻ SPDY: TCPͱHTTPͷؒʹ৽ͨͳϨΠϠΛಋೖɻෳͷHTTP req/res ΛଟॏԽ͢ΔͷͰ1αʔό͋ͨΓ1ϦΫΤετɻHTTP/2ͷͱʹ ͳͬͨɻ •
TCP Fast Open: TCPϋϯυγΣΠΫ͔Β1RTTݮΒ͢ • QUIC: UDPͷ্ͰTCPͱಉ͡Α͏ͳ͜ͱͰ͖ͨΒ࠷ڧͩΑͶ
9.1.4 CDN ཧతʹࢄͨ͠େྔͷαʔόΛӡ༻ɻ • Τοδʹ͓͚ΔΩϟογϯά • ଓͷཧ • ෦ωοτϫʔΫͰଓΛظʹΘͨͬͯҡ࣋͢ΔͱଓΛ ຖճൃੜͤ͞ͳͯ͘Α͍
• ෦ωοτϫʔΫͰ࠷దͳroutingΛ͢Δ • ߋͳΔ࠷దԽͷͨΊͷಠࣗϓϩτίϧ͕͑Δ
9.2 TLSͷ࠷దԽ
9.2.1 伴ަ • 伴: ͍ͱsecure͚ͩͲͦΕ͚ͩॏ͍ɻ • ൿີ伴ΞϧΰϦζϜ • RSA࠷Ͱ2048bitҎ্ʹͳ͖ͬͯͯΔɻܭࢉྔ͕ͭΒ ͍ɻECDSAͳΒͬͱ͍ɻ
9.2.1 伴ަ • 伴ަΞϧΰϦζϜ • RSAForward Secrecy͕ͳ͍ • DHE͍ •
ΑΖ͍͠ɺͳΒECDHEͩ • secp256v1ͳΒ128bit҆શ • secp384v1ʹͯ҆͠શੑͦ͜·ͰΑ͘ͳΒͳ͍͚Ͳܭ ࢉྔ͕૿͑Δ
9.2.1 伴ަ ςετ݁Ռͷάϥϑ(p268): • RSA -> ECDHE_ECDSA ʹ͢ΔͱPFSΛಘ্ͨͰϋϯυγΣΠΫͷ ύϑΥʔϚϯε͕2ഒʹ্ʂ •
DHE1024bitͰ͢Β͍ɻ • : ΫϥΠΞϯτ࡞ۀ͕૿͑ͯͰͳ͍ɻαʔόʔͨ ͘͞ΜͷଓΛ͘͞ͷͰ࡞ۀ͕૿͑Δͱͦͷ͚ͩͭΒ͍ɻ
False Startʹ͍ͭͯ ϋϯυγΣΠΫ͕ޭ͢ΔલఏͰΞϓϦέʔγϣϯσʔλΛૹΕ ΔΑ͏ʹ͢Δ༷ɻ ߈ܸ͞Εͨ߹҉߸Խ͞ΕͨΞϓϦέʔγϣϯσʔλͷҰ෦͕ૹ ৴͞Εͯ͠·͏ɻ·ͨɺϋϯυγΣΠΫͷશੑݕূϋϯυ γΣΠΫ͕ऴΘΒͳ͍ͱͰ͖ͳ͍ͷͰ҉߸ԽύϥϝʔλΛ߈ܸ͞ ΕΔ͜ͱ͕͋Γ͏Δɻ →Googleʮڧ͍҉߸ͬͯΕ͍͍Μ͡Όͳ͍ͷʁʯ →Logjam߈ܸʮͦΜͳ͜ͱͳ͍ʯʢڧ͍伴ަඞཁʣ
9.2.2 ূ໌ॻ • ূ໌ॻνΣʔϯඞཁ࠷ݶͷαΠζʹ͠ɺશͳνΣʔϯΛ ఏࣔ͢Δ͜ͱ • αʔόͷূ໌ॻ + ൃߦݩCAͷূ໌ॻ •
ϧʔτূ໌ॻUAͷखݩʹ͋ΔͷͰ͚ͭͳͯ͘Α͍ • શͳͷͰͳ͍ͱ୳͠ʹߦ͘ख͕ؒൃੜ • αΠζ͕খ͘͞ͳΔͷͰECDSAূ໌ॻΛ͏
9.2.2 ূ໌ॻ • 1ͭͷূ໌ॻΛෳαΠτͰڞ༗͢Δͱɺϗετ໊Λূ໌ॻʹ Ճ͠ͳ͍͚ͯ͘ͳ͘ͳͬͯূ໌ॻͷαΠζ͕͘ͳΔ • ओʹSNIඇରԠΫϥΠΞϯτରࡦͱ͍͏͚ΕͲɺͦͦ͜ Μͳ͜ͱ͠ͳ͍ͷ͕ਖ਼͍͠ͷͰ…ʁ • ͱ͍͑ɺCloudFlareܦ༝ͷGitHub
PagesͷSSLԽͩͱ SubjectAltName͕ࢁ΄Ͳ͍ͭͯ͘Δͷͩͬͨ • ࠷ۙͦͷඞཁͳ͘ͳͬͨ
9.2.3 ࣦޮͷ֬ೝ • CRLͰͳ͘OCSPΛ͏ɻCRL͘ͳΓ͕ͪɻ • ߴͳOCSPϨεϙϯμΛඋ͑ͨCAΛ͏ • OCSP staplingΛ͏ EVৗʹࣦޮ֬ೝΛ͢Δ͕DVඞͣͦ͠ͷݶΓͰͳ͍ͷͰEV
ΑΓDVͷ΄͏͕͍ʂEVΦϫίϯʂʁˠOCSP stapling͢Εύ ϑΥʔϚϯεมΘΒͳ͍ͷͰͦΜͳ͜ͱͳ͍ɻ
9.2.4 ηογϣϯϦβϯϓγϣϯ ϑϧϋϯυγΣΠΫͷ͕ݮΕݮΔ΄ͲΑ͍ɻsession cacheΛద ʹઃఆ͠Α͏ɻ
9.2.5 సૹͷΦʔόʔϔου TLSͷసૹ୯ҐTLSϨίʔυ(௨ৗ16384byte)ɻ͜͜ʹσʔλ͕ଟ ͘ೖΕೖΔ΄Ͳޮ͕Α͍ɻ σʔλҎ֎ͷ෦ͱϔομɺMACɺύσΟϯάɺIVͳͲɻ AEADͩͱΦʔόʔϔου͕খ͍͞ɻMAC-then-Encryptͷ᠘ͷӨڹ ड͚ͳ͍͠ɺTLS 1.2Ҏ߱ͷAEADར༻ηΩϡϦςΟͰύ ϑΥʔϚϯεͰ༏ΕͯΔͱΘ͔Δɻ
9.2.6 ڞ௨伴҉߸Խํࣜ AES-NIରԠϚγϯΛ͑ɻ/proc/cpuinfoͷflagsʹaesͬͯೖͬͯ Εokɻ • AES͍ɻRC4͍͚Ͳ੬ऑͳͷͰ͏ཧ༝͕ͳ͍ɻ • CAMELLIAͱAESΞΫηϥϨʔγϣϯ͕͋ΔͱAESͷ΄͏͕2.77 ഒ͍ɻ •
SHA256SHA-1ΑΓ͍ɻํͳ͍Ͷɻ • AEAD(GCMϞʔυ)CBCϞʔυͱൺ͍ͯɻᘳͰʁ
9.2.7 TLSϨίʔυͷόοϑΝ… TLSϨίʔυ͕ෳύέοτʹׂ͞ΕΔ͜ͱ͕͋Δɻͦͷ߹Ͱ TLSϨίʔυ͕શʹἧ͏·Ͱ෮߸Խ/શੑݕূ͕Ͱ͖ͳ ͍ɻ TLSϨίʔυαΠζͷௐ͕Ͱ͖ΔWebαʔόͳΒϨίʔυαΠζ ΛԼ͛Δํ๏͋Δɻ MTU - IPv6
header - TCP header - TCP record = data size MTU͕มԽ͠͏Δ͜ͱʹҙɻ
9.2.8 ૬ޓӡ༻ੑ ৽͍͠ϓϩτίϧΛαʔόʔ͕ड͚͚ͳ͍ͱࣗಈతʹ࠶ωΰγ Τʔγϣϯ͕ൃੜͯ͠͠·͍RTT͕૿͑Δɻ͓ͱͳ͘͠࠷৽όʔ δϣϯ/࠷৽֦ுʹରԠͤ͞Δͷ͕Α͍ɻ
9.2.9 ϋʔυΣΞΞΫηϥϨʔγϣ ϯ ݱతʹαʔό͕҉߸νοϓΛผʹ࣋ͭཧ༝ύϑΥʔϚϯε ໘Ͱ΄ͱΜͲଘࡏ͠ͳ͍ɻͲͪΒ͔ͱ͍͏ͱHSM(hardware security module)ͱͯ͠ͷ༻్ɻ
9.3 DoS߈ܸ TLSʹؔͳ͍ରࡦͱͯ͠ • গͷIPΞυϨε͔ΒདྷΔ߹throttling • αʔόΛ૿͢ʢࡳଋͰԥΔʣ • ͦΕͰແཧͳΒDDoSରࡦઐۀऀΛཔΔʢΓࡳଋͰԥ Δʣ
9.3.1 伴ަͱ҉߸Խʹର͢ΔCPUͷ ίετ RSAͰެ։伴ͷॲཧʢʹΫϥΠΞϯτ͕ΔʣΑΓൿີ伴ͷ ॲཧʢʹαʔό͕Δʣͷ΄͏͕ॏ͍ɻ →ECDSAΛ͑ɻ
9.3.2 ΫϥΠΞϯτىݯͷ࠶ωΰγ Τʔγϣϯ ͜Ε͕ՄೳͳΒɺಉҰଓͰେྔͷϋϯυγΣΠΫΛൃੜͤ͞Β ΕΔͷͰɺthrottlingͷҙຯ͕ͳ͍ɻ IIS 6ɺApache 2.2.15Ҏ߱ͰΫϥΠΞϯτىݯͷ࠶ωΰγΤʔ γϣϯରԠ͍ͯ͠ͳ͍ʢNginxͦͦ࠷ॳ͔Βͳ͍ʣͷͰݱ తʹ΄΅ͳ͍ɻηΩϡϦςΟ্ͷ੬ऑੑ͋Γ͏ΔͷͰ
Θͳ͍΄͏͕͍͍ػೳͰ͢Ͷʢˠ7.1ষʣɻ
9.3.3 TLSʹର͢ΔDoS߈ܸͷ࠷దԽ : DoS߈ܸͷ࠷దԽͰ͢ɻ • ҉߸ॲཧΛ͠ͳ͍ϋϯυγΣΠΫϝοηʔδΛϋʔυίʔυ • αʔό͔Βड͚औͬͨϝοηʔδͷparse/ݕূΛলུ ͢Δͱαʔόʹ࠷ޙ·Ͱ༗ޮͳϋϯυγΣΠΫʹݟ͑ΔͷͰɺ αʔόͰܭࢉ͕ͬͯ͠·͏ɻαʔόʹରͯ͠ʮޮΑ͘ʯ
ʮܭࢉΛͤ͞Δʯ͜ͱ͕Ͱ͖ͯ͠·͏ɻ͜ΕΛΔͷ͕ sslsqueezeɻ