『プロフェッショナルSSL/TLS』 (Professional SSL/TLS) reading group: Chapter 9 slides
sylph01
June 22, 2018
Transcript
Chapter 9: Performance Optimization @ 『プロフェッショナルSSL/TLS』 reading group. Ryo Kajiwara (@s01), 6/22/2018
TLS is slow... or so you'd think, right?
9.1 Latency and connection management
This slide is about the TCP layer.
• Bandwidth: you can buy your way out of it!
• Latency: how much money would it take to rewrite the speed of light?
9.1 Latency and connection management
[Definition] RTT (round trip time): the time from sending a request until the response comes back. Server processing time is treated as negligible here; essentially (assuming the speed of light is constant) it is determined by the round-trip length of the cable.
The TCP 3-way handshake costs 1.5 RTT. For protocols where the client speaks first, such as HTTP, the client sends application data together with its final ACK, so the effective cost is 1 RTT.
9.1.1 TCP optimization
TCP slow start: TCP's congestion-control mechanism. A sender does not know how much the other side can handle, so it starts with a small congestion window (cwnd) and grows it gradually.
(I think this came up when the HEIST attack was covered in the Chapter 7 session.)
HTTP connections are short-lived, so they tend to spend their whole life with a small cwnd. The TLS handshake happens at the very start of the connection, so it is the part most affected by the small cwnd.
9.1.1 TCP optimization
• Tune the initial congestion window
  • The current recommendation is an initial window of 10 segments (≈15 KB)
• Disable slow start after idle
  • In /etc/sysctl.conf: net.ipv4.tcp_slow_start_after_idle=0
9.1.2 Connection persistence
The TCP and TLS handshakes are where latency bites (they add RTTs), so we want to keep connections open. → keep-alive. Beware that some web servers have incomplete support for it.
When it helps / hurts:
(+) the client makes many requests to the same server
(-) the client makes only one request to the server
9.1.3 SPDY, HTTP/2
Everyone's favourite: H2.
SPDY: introduced a new layer between TCP and HTTP. It multiplexes multiple HTTP request/response pairs over one connection, so one connection per server is enough. It became the basis of HTTP/2.
• TCP Fast Open: shaves 1 RTT off the TCP handshake
• QUIC: if you could do TCP-like things on top of UDP, that would be the strongest option, right?
9.1.4 CDN
Operates a large number of geographically distributed servers.
• Caching at the edge
• Connection management
  • Connections inside the CDN's own network are kept alive over long periods, so a new connection does not have to be set up every time
• Optimal routing within the internal network
• Proprietary protocols can be used for further optimization
9.2 TLS optimization
9.2.1 Key exchange
• Keys: longer is more secure, but proportionally heavier.
• Private-key algorithm
  • RSA is now at least 2048 bits, and the computation is painful. ECDSA is much faster.
9.2.1 Key exchange
• Key-exchange algorithm
  • RSA key exchange has no forward secrecy
  • DHE is slow
  • Very well, then: ECDHE
  • secp256r1 (P-256) gives 128-bit security
  • secp384r1 (P-384) does not improve security that much in practice, but it does cost noticeably more computation
9.2.1 Key exchange
Benchmark graph in the book (p. 268):
• Switching from RSA to ECDHE_ECDSA gets you PFS and doubles handshake performance!
• DHE is slow even at 1024 bits.
• Note: extra work on the client side is not a problem. The server handles many connections, so any extra work per handshake hurts in proportion.
About False Start
A mechanism that lets the client send application data on the assumption that the handshake will succeed. If the handshake is under attack, part of the encrypted application data gets sent anyway. And since the handshake's integrity check cannot be completed until the handshake finishes, the negotiated encryption parameters may have been tampered with by an attacker.
→ Google: "Isn't it fine as long as strong ciphers are used?"
→ Logjam: "No it isn't" (a strong key exchange is required too)
9.2.2 Certificates
• Keep the certificate chain as small as necessary, but present the complete chain
  • Server certificate + issuing CA certificate
  • The root certificate is already in the user agent's store, so it need not be sent
  • If the chain is incomplete, the client has to go and fetch the missing certificate, which costs time
• Use ECDSA certificates, since they are smaller
9.2.2 Certificates
• Sharing one certificate across many sites means every hostname has to be added to the certificate, which makes the certificate large
  • This is mainly a workaround for non-SNI clients, but the right answer is not to do that in the first place…?
  • That said, GitHub Pages sites served over HTTPS via CloudFlare used to come with a mountain of SubjectAltNames
  • That is no longer necessary these days
9.2.3 Revocation checking
• Use OCSP rather than CRLs; CRLs tend to grow large
• Use a CA with fast OCSP responders
• Use OCSP stapling
EV certificates always get a revocation check while DV ones do not necessarily, so DV is faster than EV! Is EV dead?! → With OCSP stapling the performance is the same, so no, it isn't.
9.2.4 Session resumption
The fewer full handshakes, the better. Configure the session cache appropriately.
9.2.5 Transport overhead
The unit of TLS transfer is the TLS record (normally up to 16384 bytes of plaintext). The more data each record carries, the better the efficiency. The non-data parts are the record header, MAC, padding, IV and so on. AEAD ciphers have less overhead, and they are not exposed to the MAC-then-encrypt pitfalls, so using AEAD (TLS 1.2 and later) wins on both security and performance.
9.2.6 Symmetric encryption
Use machines with AES-NI: if aes appears in the flags line of /proc/cpuinfo, you are fine.
• AES is fast. RC4 is fast too, but it is broken, so there is no reason to use it.
• Between CAMELLIA and AES, AES is 2.77x faster when hardware acceleration is available.
• SHA-256 is slower than SHA-1. Can't be helped.
• AEAD (GCM mode) is faster than CBC mode. Best of both worlds?
9.2.7 TLS record buffering latency
A TLS record can be split across several packets. When that happens, the record cannot be decrypted or integrity-checked until all of it has arrived. If your web server lets you tune the TLS record size, lowering it so that one record fits one packet is an option:
MTU − IPv6 header − TCP header − TLS record overhead (header, IV, MAC, padding) = data size
Note that the MTU can change along the path.
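The arithmetic behind 9.2.5 and 9.2.7, as an added example that is not part of the deck or the book: it computes the largest record that fits one packet for AEAD versus CBC/HMAC, counts how many segments a full 16 KB record spans (all of which must arrive before anything can be decrypted), and shows the record-layer framing a receiver does while buffering. The header sizes (IPv6 40 bytes, TCP 20 bytes with no options), the AES-GCM and AES-CBC/HMAC-SHA1 overheads and the sample byte stream are assumptions made for this example.

```python
import math
import struct

TLS_RECORD_HEADER = 5              # content type (1) + version (2) + length (2)
MAX_PLAINTEXT = 16384              # 2^14: the most plaintext one TLS record may carry
MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048   # TLS 1.2 upper bound on an encrypted fragment
TCP_HEADER = 20                    # assumption: no TCP options
IP_HEADER = {4: 20, 6: 40}         # assumption: no IP options / extension headers

# Assumed per-record crypto overhead for the two cipher families the deck contrasts.
AEAD_NONCE, AEAD_TAG = 8, 16               # AES-GCM in TLS 1.2: explicit nonce + tag
CBC_IV, CBC_BLOCK, CBC_MAC = 16, 16, 20    # AES-CBC + HMAC-SHA1: explicit IV, block, MAC


def record_payload_for_mtu(mtu: int, ip_version: int = 6, aead: bool = True) -> int:
    """Largest plaintext a single TLS record can carry so that the whole record
    still fits one TCP segment (the MTU formula from the slide)."""
    room = mtu - IP_HEADER[ip_version] - TCP_HEADER - TLS_RECORD_HEADER
    if aead:
        return room - AEAD_NONCE - AEAD_TAG
    # CBC: explicit IV, then a whole number of cipher blocks that must hold
    # plaintext + MAC + at least the padding-length byte.
    ciphertext = ((room - CBC_IV) // CBC_BLOCK) * CBC_BLOCK
    return ciphertext - CBC_MAC - 1


def wire_size(plaintext_len: int, aead: bool = True) -> int:
    """Bytes on the wire for one record carrying plaintext_len bytes."""
    if aead:
        return TLS_RECORD_HEADER + AEAD_NONCE + plaintext_len + AEAD_TAG
    body = plaintext_len + CBC_MAC + 1     # MAC plus the padding-length byte
    body += (-body) % CBC_BLOCK            # pad up to a block boundary
    return TLS_RECORD_HEADER + CBC_IV + body


def segments_needed(plaintext_len: int, mtu: int = 1500,
                    ip_version: int = 6, aead: bool = True) -> int:
    """How many TCP segments one record spans; the receiver cannot decrypt or
    verify the record until the last of them has arrived."""
    per_segment = mtu - IP_HEADER[ip_version] - TCP_HEADER
    return math.ceil(wire_size(plaintext_len, aead) / per_segment)


def split_records(buf: bytes):
    """Record-layer framing as a receiver sees it: return the complete records
    as (content_type, version, fragment) plus the bytes still waiting for the
    rest of their record."""
    records, off = [], 0
    while len(buf) - off >= TLS_RECORD_HEADER:
        ctype, version, length = struct.unpack_from("!BHH", buf, off)
        if length > MAX_CIPHERTEXT:
            raise ValueError(f"record length {length} exceeds the TLS limit")
        end = off + TLS_RECORD_HEADER + length
        if end > len(buf):
            break          # partial record: keep buffering until more segments arrive
        records.append((ctype, version, buf[off + TLS_RECORD_HEADER:end]))
        off = end
    return records, buf[off:]


# Constructed sample stream: an application-data record, a handshake record,
# then the first 100 bytes of a 4096-byte record that is still in flight.
SAMPLE_STREAM = (
    b"\x17\x03\x03\x00\x03" + b"abc"
    + b"\x16\x03\x03\x00\x02" + b"hi"
    + b"\x17\x03\x03\x10\x00" + b"x" * 100
)

if __name__ == "__main__":
    print("AEAD payload that fits one 1500-byte IPv6 packet:", record_payload_for_mtu(1500))
    print("CBC/HMAC-SHA1 payload that fits the same packet:", record_payload_for_mtu(1500, aead=False))
    print("Segments a full 16 KB AEAD record spans:", segments_needed(MAX_PLAINTEXT))
    done, pending = split_records(SAMPLE_STREAM)
    print("complete records:", [(t, f) for t, _, f in done], "pending bytes:", len(pending))
```

With a 1500-byte MTU over IPv6 an AEAD record may carry 1411 bytes and a CBC/HMAC-SHA1 record 1387 bytes before it spills into a second segment, while a full 16 KB AEAD record spans 12 segments; losing any one of them delays decryption of the whole record, which is the latency 9.2.7 is about.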
9.2.8 Interoperability
If the server does not accept a newer protocol version or extension, the client falls back and retries the handshake with an older configuration, which adds RTTs. Just quietly support the latest versions and extensions.
9.2.9 Hardware acceleration
Realistically there is almost no performance reason any more for a server to have a separate crypto chip. If anything, the use case is as an HSM (hardware security module).
9.3 DoS attacks
Countermeasures that have nothing to do with TLS:
• If the traffic comes from a small number of IP addresses, throttle them
• Add more servers (throw money at it)
• If that is not enough, hire a DDoS-mitigation specialist (throw more money at it)
9.3.1 CPU cost of key exchange and encryption
With RSA, the private-key operation (done by the server) is far heavier than the public-key operation (done by the client). → Use ECDSA.
9.3.2 Client-initiated renegotiation
If this is possible, an attacker can trigger a large number of handshakes over a single connection, so per-connection throttling becomes meaningless. IIS 6 and Apache from 2.2.15 onward do not support client-initiated renegotiation (Nginx never did), so in practice it is mostly a non-issue. It can also be a security vulnerability, so it is a feature best left off (→ section 7.1).
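The server-side settings from 9.2.1 (ECDHE-only key exchange), 9.2.6 (AEAD-only bulk ciphers) and 9.3.2 (refuse client-initiated renegotiation) applied together in a Python ssl.SSLContext, with an audit over SSLContext.get_ciphers() that reports any enabled pre-TLS 1.3 suite lacking forward secrecy or AEAD. This is an added example, not code from the deck or the book; the cipher strings and the legacy_context counterexample are illustrative choices.

```python
import ssl

# OpenSSL added SSL_OP_NO_RENEGOTIATION in 1.1.0h; older builds have no such flag,
# so fall back to 0 (no-op) rather than failing to import.
NO_RENEGOTIATION = getattr(ssl, "OP_NO_RENEGOTIATION", 0)


def build_server_context() -> ssl.SSLContext:
    """Server context: TLS 1.2+, ECDHE key exchange only, AEAD suites only,
    and client-initiated renegotiation refused where OpenSSL supports that."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher-list syntax: ECDHE with AES-GCM or ChaCha20-Poly1305 only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    ctx.options |= NO_RENEGOTIATION
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Counterexample (assumed legacy configuration): an RSA key-exchange suite
    and CBC/HMAC suites are still enabled, so the audit below flags them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256")
    return ctx


def pre_tls13_suites(ctx: ssl.SSLContext):
    """TLS 1.3 suites report key exchange as 'kx-any' (it is always (EC)DHE);
    the server's choice of key exchange is only visible on the older entries."""
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def non_forward_secret(ctx: ssl.SSLContext):
    """Names of enabled pre-TLS 1.3 suites whose key exchange is not (EC)DHE."""
    return [c["name"] for c in pre_tls13_suites(ctx)
            if c["kea"] not in ("kx-ecdhe", "kx-dhe")]


def non_aead(ctx: ssl.SSLContext):
    """Names of enabled pre-TLS 1.3 suites that still use MAC-then-encrypt."""
    return [c["name"] for c in pre_tls13_suites(ctx) if not c["aead"]]


def audit(ctx: ssl.SSLContext) -> dict:
    return {
        "suites": [c["name"] for c in pre_tls13_suites(ctx)],
        "no_forward_secrecy": non_forward_secret(ctx),
        "non_aead": non_aead(ctx),
        # True only when the flag exists in this build and is set on the context.
        "renegotiation_refused": bool(NO_RENEGOTIATION) and bool(ctx.options & NO_RENEGOTIATION),
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", build_server_context()), ("legacy", legacy_context())):
        print(label, audit(ctx))
```

The hardened context yields empty no_forward_secrecy and non_aead lists; the legacy one lists AES128-SHA (RSA key exchange, no PFS) and both CBC suites under non_aead. Whether renegotiation_refused can be True depends on the linked OpenSSL, which is why the flag is looked up with getattr.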
9.3.3 Optimized DoS attacks against TLS
Note: this is about optimizing the DoS attack, not the defence.
• Hard-code the handshake messages so the client does no cryptographic work at all
• Skip parsing/verifying the messages received from the server. To the server it still looks like a handshake that is valid all the way to the end, so the server does the expensive computation. The attacker can thus make the server "do the computation" "efficiently". The tool that does this is sslsqueeze.