『プロフェッショナルSSL/TLS』 (Professional SSL/TLS) reading group: chapter 9 notes
sylph01
June 22, 2018
Transcript
Chapter 9: Performance Optimization @ 『プロフェッショナルSSL/TLS』 reading group. Ryo Kajiwara (@s01), 6/22/2018

TLS is slow, right?

9.1 Latency and connection management
This part is about the TCP layer.
• Bandwidth: solve it with money!
• Latency: how much would I have to pay to get the speed of light rewritten?

9.1 Latency and connection management
[Definition] RTT (round trip time): the time from sending a request until the response comes back. The server's processing time can be treated as negligible here; in short (assuming the speed of light is constant) it is a function of the round-trip length of the cable.
A 3-way handshake costs 1.5 RTT, but with protocols where the client starts the exchange, such as HTTP, application data is sent together with the final ACK, so it is 1 RTT.

9.1.1 TCP optimization
TCP slow start: TCP's congestion control scheme. Since the sender does not know how fast the other side can go, it starts with a small congestion window (cwnd) and gradually increases its size.

(I think I explained this when covering the HEIST attack in the chapter 7 session.)
HTTP connections are short-lived, so they tend to run while cwnd is still small. The TLS handshake happens at the very start of the connection, so it is especially affected by the small cwnd.

9.1.1 TCP optimization
• Tune the initial congestion window
• The current recommendation is an initial window of 10 segments ≈ 15KB
• Stop slow start after idle
• In /etc/sysctl.conf: net.ipv4.tcp_slow_start_after_idle=0

9.1.2 Connection persistence
TCP and TLS handshakes are affected by latency (they add RTTs), so we want to keep connections open. → keep-alive. Some web servers have only partial support for it, though.
It is an advantage or a disadvantage in the following cases:
(+) the client makes many requests to the same server
(-) the client makes only one request to the server

9.1.3 SPDY, HTTP/2
Everyone's favourite H2.
SPDY: introduces a new layer between TCP and HTTP. It multiplexes multiple HTTP requests/responses, so a single connection per server suffices. It became the basis of HTTP/2.
• TCP Fast Open: shaves 1 RTT off the TCP handshake
• QUIC: if you could do what TCP does on top of UDP, that would be the best of all

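To make the round-trip accounting of 9.1 through 9.1.3 concrete, here is an added model (my own example, not from the slides or the book) of how many RTTs a request costs under slow start, keep-alive, session resumption and TCP Fast Open. The 1460-byte MSS, the response sizes and the per-phase RTT counts in HANDSHAKE_RTTS are assumptions of this model, chosen to match the slides' reasoning (TCP counted as 1 RTT, TLS 1.2 full handshake as 2).

```python
import math

# Assumption for this model (not from the slides): Ethernet MTU 1500 over IPv4
# gives a 1460-byte MSS. Response sizes used below are constructed examples.
MSS = 1460

# Round trips each phase costs before a response can start arriving.
# "tcp" is 1 rather than 1.5 because, as the slide notes, an HTTP client sends
# its first data together with the final ACK of the 3-way handshake.
HANDSHAKE_RTTS = {
    "tcp": 1,
    "tls12-full": 2,          # ClientHello ... Finished, then the request
    "tls12-resumed": 1,       # abbreviated handshake via session cache/ticket (9.2.4)
    "tls12-false-start": 1,   # client sends the request before the server's Finished
}


def rtts_to_deliver(response_bytes, initcwnd=10, mss=MSS):
    """Round trips slow start needs to push a response of the given size.

    Idealised model: cwnd starts at initcwnd segments, doubles every RTT,
    no loss, receiver window never limits. Counted from the moment the
    request has reached the server.
    """
    segments = math.ceil(response_bytes / mss)
    cwnd, sent, rtts = initcwnd, 0, 0
    while sent < segments:
        sent += cwnd
        cwnd *= 2
        rtts += 1
    return rtts


def total_rtts(n_requests, keep_alive, tls="tls12-full", tcp_fast_open=False):
    """RTTs to complete n sequential requests to one server.

    Each new connection pays the TCP handshake (unless TCP Fast Open folds the
    first flight into the SYN), the TLS handshake, and one RTT for the
    request/response itself. With keep-alive only the first request pays the
    handshakes; the rest pay 1 RTT each.
    """
    tcp = 0 if tcp_fast_open else HANDSHAKE_RTTS["tcp"]
    per_connection = tcp + HANDSHAKE_RTTS[tls] + 1
    if keep_alive:
        return per_connection + (n_requests - 1)
    return per_connection * n_requests


if __name__ == "__main__":
    for initcwnd in (3, 10):
        print(f"initcwnd={initcwnd:2d}: a 14 KB response needs "
              f"{rtts_to_deliver(14_000, initcwnd)} RTT(s) of slow start")
    for ka in (False, True):
        print(f"5 requests, keep_alive={ka}: {total_rtts(5, ka)} RTTs "
              f"(TLS 1.2 full handshake on every new connection)")
    print(f"1 request, TFO + resumption: "
          f"{total_rtts(1, True, 'tls12-resumed', tcp_fast_open=True)} RTTs")
```

The slow-start function shows why the slide's 10-segment initial window matters: a response just under 15 KB leaves in one window instead of three. The keep-alive comparison is the (+)/(-) case of 9.1.2 in numbers: five requests cost 8 RTTs on one persistent connection against 20 on five fresh ones.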
9.1.4 CDN
Operates a large number of geographically distributed servers.
• Caching at the edge
• Connection management
• Keeping long-lived connections inside the CDN's internal network avoids setting up a new connection every time
• Optimal routing inside the internal network
• Proprietary protocols can be used for further optimization

9.2 TLS optimization

9.2.1 Key exchange
• Key length: longer is more secure, but correspondingly heavier.
• Private key algorithm
• RSA is now at least 2048 bits, and the computational cost hurts. ECDSA is much lighter.

9.2.1 Key exchange
• Key exchange algorithm
• RSA has no forward secrecy
• DHE is slow
• Very well, then it's ECDHE
• secp256r1 gives 128-bit security
• secp384r1 doesn't improve security that much but increases the computation

9.2.1 Key exchange
Graph of test results (p268):
• Switching from RSA to ECDHE_ECDSA gains PFS and on top of that doubles handshake performance!
• DHE is slow even at 1024 bits.
• Note: extra work on the client is not a problem. The server handles many connections, so any extra work hurts it proportionally.

About False Start
A specification that lets the client send application data on the assumption that the handshake will succeed.
If the handshake is attacked, part of the encrypted application data has already been sent. Also, the handshake's integrity verification cannot happen until the handshake finishes, so the encryption parameters could be attacked.
→ Google: "Isn't it fine as long as you use strong ciphers?"
→ Logjam attack: "No, it isn't" (a strong key exchange is needed too)

9.2.2 Certificates
• Keep the certificate chain to the minimum necessary size, and present the complete chain
• Server certificate + issuing CA's certificate
• The root certificate is already in the UA's store, so it need not be included
• If the chain is incomplete, the client has to go and fetch the missing part
• Use ECDSA certificates, since they are smaller

9.2.2 Certificates
• If one certificate is shared by multiple sites, all the host names have to be added to it and the certificate gets large
• This is mainly presented as a workaround for clients without SNI support, but the right thing is not to do that in the first place…?
• That said, GitHub Pages served over SSL via CloudFlare used to come with a mountain of SubjectAltNames
• Recently that is no longer necessary either

9.2.3 Revocation checking
• Use OCSP, not CRLs. CRLs tend to get large.
• Use a CA with a fast OCSP responder
• Use OCSP stapling
EV certificates always trigger a revocation check whereas DV does not necessarily, so DV is faster than EV! Is EV dead?! → With OCSP stapling the performance is the same, so no, it isn't.

9.2.4 Session resumption
The fewer full handshakes the better. Configure the session cache appropriately.

9.2.5 Transport overhead
The unit of TLS transfer is the TLS record (normally 16384 bytes). The more data fits into one, the more efficient the transfer.
The non-data part is the header, MAC, padding, IV and so on.
With AEAD the overhead is small. It is also not exposed to the MAC-then-Encrypt trap, so using AEAD on TLS 1.2 and later is better for both security and performance.

9.2.6 Symmetric encryption
Use a machine with AES-NI. If aes appears among the flags in /proc/cpuinfo, you're fine.
• AES is fast. RC4 is also fast but weak, so there is no reason to use it.
• Comparing CAMELLIA and AES, with hardware acceleration AES is 2.77× faster.
• SHA256 is slower than SHA-1. Can't be helped.
• AEAD (GCM mode) is faster than CBC mode. Isn't it perfect?

9.2.7 TLS record buffering latency
A TLS record can be split across multiple packets. In that case it cannot be decrypted or integrity-checked until the whole TLS record has arrived.
If the web server lets you adjust the TLS record size, one option is to lower it:
MTU - IPv6 header - TCP header - TLS record overhead = data size
Be aware that the MTU can change.

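The overhead figures of 9.2.5 and the MTU formula of 9.2.7 are easy to get wrong by hand, so here is an added calculator (my own example, not from the slides or the book). The record-layer field sizes are taken from the TLS 1.2 record layer (RFC 5246 for CBC, RFC 5288 for GCM), not from the slides; the 1500-byte MTU and an option-less 20-byte TCP header are assumptions of this example.

```python
import math

# Framing sizes. The slide's formula is
#   MTU - IPv6 header - TCP header - TLS record overhead = data size
# TCP_HEADER assumes no options (timestamps would add 12 bytes); adjust if needed.
TLS_RECORD_HEADER = 5     # content type (1) + version (2) + length (2)
IPV4_HEADER = 20
IPV6_HEADER = 40
TCP_HEADER = 20

# name -> (explicit IV/nonce bytes, MAC or tag bytes, cipher block size; 0 = no padding)
PROTECTIONS = {
    "aes128-cbc-sha1":   (16, 20, 16),   # MAC-then-encrypt, explicit IV since TLS 1.1
    "aes128-cbc-sha256": (16, 32, 16),
    "aes128-gcm":        (8, 16, 0),     # AEAD: 8-byte explicit nonce + 16-byte tag
    "chacha20-poly1305": (0, 16, 0),     # AEAD: nonce derived from the sequence, tag only
}


def record_overhead(protection, payload_len):
    """Bytes one record adds on the wire beyond its application payload."""
    iv, mac, block = PROTECTIONS[protection]
    if block:
        # payload || MAC || padding, rounded up to the block size. Padding is at
        # least one byte (the padding_length byte): this is the CBC cost the
        # slide contrasts with AEAD.
        protected = math.ceil((payload_len + mac + 1) / block) * block
        body = iv + protected
    else:
        body = iv + payload_len + mac
    return TLS_RECORD_HEADER + body - payload_len


def max_payload_in_one_segment(protection, mtu=1500, ip_header=IPV6_HEADER,
                               tcp_header=TCP_HEADER):
    """Largest payload whose whole record still fits one TCP segment (the slide's formula)."""
    segment = mtu - ip_header - tcp_header
    for n in range(segment, -1, -1):   # overhead is stepwise for CBC, so search downward
        if n + record_overhead(protection, n) <= segment:
            return n
    return 0


def segments_per_record(protection, payload_len, mtu=1500, ip_header=IPV6_HEADER,
                        tcp_header=TCP_HEADER):
    """TCP segments one record spans; the receiver can decrypt or verify nothing
    until the last of them has arrived (the buffering latency of 9.2.7)."""
    segment = mtu - ip_header - tcp_header
    return math.ceil((payload_len + record_overhead(protection, payload_len)) / segment)


if __name__ == "__main__":
    for name in PROTECTIONS:
        print(f"{name:18s} full 16384-byte record: +{record_overhead(name, 16384):3d} bytes, "
              f"spans {segments_per_record(name, 16384):2d} segments; "
              f"max one-segment payload over IPv6: {max_payload_in_one_segment(name)} bytes")
```

Running it shows the two points the slides make: a full-size AES-GCM record costs 29 bytes of framing against 53 for AES-CBC with SHA-1, and that full record spreads over twelve 1440-byte segments, none of which is usable until all have arrived. With the IPv6 numbers above, a record sized for one segment can carry 1411 bytes of payload under GCM but only 1387 under CBC/SHA-1, because the next 16-byte block boundary would push it past the MTU.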
9.2.8 Interoperability
If the server does not accept a newer protocol, a renegotiation happens automatically and adds RTTs. Better to quietly support the latest version and the latest extensions.

9.2.9 Hardware acceleration
These days there is almost no performance reason for a server to have a separate crypto chip. If anything, the use case is as an HSM (hardware security module).

9.3 DoS attacks
Countermeasures that have nothing to do with TLS:
• Throttling, when the traffic comes from a small number of IP addresses
• Add servers (throw money at it)
• If that is not enough, rely on a DDoS-mitigation vendor (throw even more money at it)

9.3.1 CPU cost of key exchange and encryption
With RSA, the private-key operation (done by the server) is heavier than the public-key operation (done by the client). → Use ECDSA.

9.3.2 Client-initiated renegotiation
If this is possible, a large number of handshakes can be triggered over a single connection, which makes throttling meaningless.
IIS 6 and Apache 2.2.15 and later do not support client-initiated renegotiation (Nginx never had it in the first place), so in practice it is nearly gone. It can also be a security vulnerability, so it is a feature best left unused (→ section 7.1).

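The throttling of 9.3 and the renegotiation problem of 9.3.2 both come down to counting handshakes, per source address and per connection. As an added example (mine, not from the slides or the book), the function below does that over a constructed list of handshake events such as a server or load balancer might log; the addresses, connection ids, limit and window are all made up for the demonstration.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, client IP, connection id) for every TLS handshake
# the server completed. Addresses are from the documentation ranges; nothing here
# is real traffic.
SAMPLE_HANDSHAKES = (
    # a busy but normal client: 4 handshakes on 4 connections over 30 seconds
    [(t, "192.0.2.10", f"a-{t}") for t in range(0, 40, 10)]
    # a burst: 25 fresh connections from one address within 5 seconds
    + [(1.0 + 0.2 * i, "203.0.113.7", f"b-{i}") for i in range(25)]
    # renegotiation: three handshakes on one and the same connection
    + [(3.0, "198.51.100.9", "c-9"), (3.1, "198.51.100.9", "c-9"),
       (3.2, "198.51.100.9", "c-9")]
)


def find_handshake_abuse(events, per_ip_limit=20, window_s=10.0):
    """Return (ips_to_throttle, renegotiating_connections).

    An IP is flagged once it exceeds per_ip_limit handshakes inside a sliding
    window of window_s seconds (the per-address throttling of 9.3). A connection
    is flagged when it carries more than one handshake, which is a renegotiation
    that the server configuration should have refused (9.3.2).
    """
    recent = defaultdict(deque)       # ip -> handshake timestamps still inside the window
    throttle = set()
    per_conn = defaultdict(int)       # connection id -> handshakes seen
    for t, ip, conn in sorted(events):
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > per_ip_limit:
            throttle.add(ip)
        per_conn[conn] += 1
    renegotiating = sorted(c for c, n in per_conn.items() if n > 1)
    return sorted(throttle), renegotiating


if __name__ == "__main__":
    ips, conns = find_handshake_abuse(SAMPLE_HANDSHAKES)
    print("throttle:", ips)                 # ['203.0.113.7']
    print("renegotiating connections:", conns)   # ['c-9']
```

The per-connection count is the interesting one: if it ever exceeds 1 the server is still honouring client-initiated renegotiation, and per-IP throttling alone, as the slide says, will not help until that is switched off.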
9.3.3 Optimized DoS attacks against TLS
Note: this is about optimizing DoS attacks.
• Hard-code handshake messages that require no cryptographic work
• If the client skips parsing/verifying the messages it receives from the server, the server still sees what looks like a valid handshake all the way to the end, so the server ends up doing the computation. The server can thus be made to do the computation "efficiently". The tool that does this is sslsqueeze.