Transport Layer Security
- The new(ish) name for SSL, since 1999
- A set of standards for security & encryption tools
- Can wrap around any higher-level protocol
- Popular implementations: OpenSSL, LibreSSL, BoringSSL

- Encryption & authentication
- Faster with SPDY & HTTP/2
- Google will rank you higher
- Required for iOS apps
- Chrome 50 disabled HTTP GeoLocation
- Keeps the wicked witch out

1: Connect
- The overall sequence is called a TLS handshake
- The client requests encryption in cleartext, either implicitly (HTTPS) or explicitly (SMTP + STARTTLS)
- The client presents the TLS version and the list of cipher suites it supports; each suite names a key exchange, cipher and MAC, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- The client may also include a client certificate
- The server chooses a cipher suite; its reply includes the server's public certificate

2: Key Exchange
- RSA or Diffie-Hellman key exchange
- The exchange keys may be derived directly from the private key…
- …or from a random "ephemeral" value, which gives Perfect Forward Secrecy (PFS): look for DHE in cipher lists
- Server and client now hold the same shared secret

3: Verification
- The client encrypts a message to the server using the shared secret and the symmetric cipher
- The server responds with a success message, also encrypted with the shared secret
- Both sides are now certain that they have a secure, reliable channel

4: Ready to go
- From this point onwards, client and server communicate only using the established ciphers and keys
- The handshake is slow; TLS session caching makes subsequent requests more efficient
- Having set up TLS, the server can say what happens next: the NPN (old) and ALPN (RFC 7301) TLS extensions, used by HTTP/2

- Public/private key pair, at least 2048 bits
- Create a certificate signing request (CSR), using a SHA-2 signature
- Sign the CSR to create a public certificate, either yourself… or via a Certificate Authority (CA)

- Self-signed: no chain, no authority, no trust (but it will still encrypt)
- CAs have trusted self-signed roots; CA certificates are embedded in browsers
- Intermediate certificates may be cross-signed

What happens if there's a problem with your certificate?
- e.g. the private key is exposed
- Online Certificate Status Protocol (OCSP): the client checks the status of your cert with your CA
- That adds overhead, so… use OCSP stapling in your web server

Getting the right certificate
- Validation levels
- Extra names with SAN + SNI
- Wildcards make admin easier: *.example.com
- Issuing certificates is technically trivial… but administratively hard
- Made simpler with letsencrypt.org, the ACME protocol and certbot

Deploying TLS - Server config
- Multiple sites: one certificate per IP, wildcards, or use SNI
- Create DH params for forward secrecy
- At least TLSv1.0; disable SSLv3 & bad ciphers
- Enable TLS session caching
- Enable OCSP stapling for your certificates

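Added example, not from the slides: a small Python audit of a server's cipher suite list. It parses each IANA suite name into key exchange, authentication, cipher and hash, flags suites without ephemeral (DHE/ECDHE) key exchange (the "look for DHE" check from the key exchange slide) and the weak ciphers this slide says to disable. The sample list is constructed; only its first suite appears on the slides.

```python
import re
from dataclasses import dataclass

# Constructed sample of IANA cipher suite names as a server might offer them;
# the first is the suite quoted on the slide, the rest are assumptions.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_RC4_128_MD5",
]
# Name layout: TLS_<key exchange>[_<authentication>]_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^TLS_(?P<kx>[A-Z]+)(?:_(?P<auth>RSA|ECDSA|DSS|PSK))?"
                      r"_WITH_(?P<cipher>.+)_(?P<hash>SHA256|SHA384|SHA|MD5)$")
WEAK_CIPHER_TOKENS = {"RC4", "3DES", "DES", "NULL", "EXPORT"}
WEAK_HASHES = {"MD5"}

@dataclass
class Suite:
    name: str
    key_exchange: str    # RSA (static) or DHE / ECDHE (ephemeral)
    authentication: str  # certificate key type: RSA or ECDSA
    cipher: str          # e.g. AES_128_GCM
    hash: str            # MAC for CBC suites, PRF hash for AEAD suites

    @property
    def forward_secrecy(self) -> bool:
        # Ephemeral key exchange: the slide's "look for DHE in cipher lists".
        return self.key_exchange in ("DHE", "ECDHE")

def parse_suite(name: str) -> Suite:
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    # TLS_RSA_WITH_... has no separate auth field: RSA does key transport and auth.
    return Suite(name, m["kx"], m["auth"] or m["kx"], m["cipher"], m["hash"])

def audit(suites) -> dict:
    """Per suite, list the reasons a hardened server config should drop it."""
    report = {}
    for name in suites:
        s = parse_suite(name)
        issues = [] if s.forward_secrecy else ["no forward secrecy"]
        issues += [f"weak cipher: {t}" for t in s.cipher.split("_") if t in WEAK_CIPHER_TOKENS]
        if s.hash in WEAK_HASHES:
            issues.append(f"weak MAC: {s.hash}")
        report[name] = issues
    return report
```

Running `audit(SAMPLE_SUITES)` returns an empty issue list for the three ephemeral suites and flags the two static-RSA suites, the RC4/MD5 one on all three counts.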
- HTTP Strict Transport Security (HSTS): "We always encrypt"
- HTTP Public Key Pinning (HPKP): "Trust only these certificates"; potentially dangerous!
- Both can apply to all subdomains
- Prevent MITM with preloading (the browser knows the policy before its first visit)

HTTP/2 TLS requirements
- Defined in RFC 7540
- Must support TLS 1.2
- Must support SNI
- Must support PFS (DHE)
- Requires at least 2048-bit DH params
- Must disable compression & renegotiation
- Must use SHA-2 certificate signatures

- It can be free
- It's fast(er): use HTTP/2
- Use TLS everywhere by default
- Understand the vulnerabilities
- Simple measures maximise security
- Help Hansel & Gretel make it to your site safely