Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hansel & Gretel do TLS

Hansel & Gretel do TLS

My talk on TLS from EnterJS.de 2016 #ejs16

Marcus Bointon

June 16, 2016
Tweet

More Decks by Marcus Bointon

Other Decks in Technology

Transcript

  1. EnterJS.de 2016 Marcus Bointon - TLS What is TLS? Transport

    Layer Security The new(ish) name for SSL - Since 1999 A set of standards for security & encryption tools Can wrap around any higher-level protocol Popular implementations: OpenSSL, LibreSSL, BoringSSL
  2. EnterJS.de 2016 Marcus Bointon - TLS Why use TLS? Provides

    encryption & authentication Faster with SPDY & HTTP/2 Google will rank you higher Required for iOS apps Chrome 50 disabled HTTP GeoLocation Keeps the wicked witch out
  3. EnterJS.de 2016 Marcus Bointon - TLS Ciphers, MACs & Hashes

    Hashes produce a short digest - “one way encrypt” MD5, SHA1, SHA2, bcrypt, Argon2 Message Authentication Code (MAC) HMAC-MD5, HMAC-SHA1, Poly1305 Ciphers are encryption algorithms Integer factoring, discrete logarithm, elliptic curve (EC) Symmetric, asymmetric; block, stream RC4, AES, 3DES, RSA, Ed25519, ChaCha20
  4. EnterJS.de 2016 Marcus Bointon - TLS How does TLS work?

    1: Connect Overall sequence called a TLS handshake Client requests encryption in cleartext Implicit (HTTPS) or explicit (SMTP+STARTTLS) Client presents supported cipher suites list for TLS version, key exchange, cipher, MAC, may include a client certificate TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Server chooses cipher suite, reply includes public certificate
  5. EnterJS.de 2016 Marcus Bointon - TLS How does TLS work?

    2: Key Exchange RSA or Diffie-Hellman key exchange Exchange keys may be derived directly from private key Or with a random “Ephemeral” value Perfect Forward Secrecy (PFS) Look for DHE in cipher lists Server and client hold same shared secret
  6. EnterJS.de 2016 Marcus Bointon - TLS How does TLS work?

    3: Verification Client encrypts a message to the server using shared secret and symmetric cipher Server responds with a success message,
 also encrypted with shared secret Both sides are now certain that they have
 a secure, reliable channel
  7. EnterJS.de 2016 Marcus Bointon - TLS How does TLS work?

    4: Ready to go From this point onwards, client and server communicate only using the established ciphers and keys Handshake is slow; TLS session caching makes subsequent requests more efficient Having set up TLS, the server can say what happens next Used by HTTP/2 NPN (old) and ALPN (RFC7301) TLS extensions
  8. EnterJS.de 2016 Marcus Bointon - TLS Attacks on TLS Heartbleed

    - OpenSSL bugs POODLE - SSLv3 holes, RC4 Logjam - weak export ciphers DROWN - SSLv2 fallback BEAST, BREACH, CRIME, TeLeScope Attack summary in RFC7457 The upside - improved quality and awareness
  9. EnterJS.de 2016 Marcus Bointon - TLS Attacks on TLS 2

    Connect Key exchange Verification Traffic MITM, downgrades POODLE, DROWN Heartbleed Logjam TeLeScope
  10. EnterJS.de 2016 Marcus Bointon - TLS Creating certificates Create a

    public/private key pair At least 2048 bits Create a certificate signing request (CSR) Use SHA-2 signature Sign the CSR to create a public certificate Yourself… By a Certificate Authority (CA)
  11. EnterJS.de 2016 Marcus Bointon - TLS Certificate chains Self-signed ==

    no chain, no authority, no trust But will still encrypt CAs have trusted self-signed roots CA certificates embedded in browsers Intermediate certificates May be cross-signed
  12. EnterJS.de 2016 Marcus Bointon - TLS Intermediate CA certificate Certificate

    chains 2 Browser & OS certificate store Root CA certificate Site certificate Server certificate store Root CA certificate
  13. EnterJS.de 2016 Marcus Bointon - TLS Certificate checking - OCSP

    What happens if there’s a problem with your certificate? Private key exposed Online Certificate Status Protocol - OCSP Checks status of your cert with your CA Adds overhead, so… Use OCSP stapling in your web server
  14. EnterJS.de 2016 Marcus Bointon - TLS DV, OV and EV

    validation levels Extra names with SAN + SNI Wildcards make admin easier: *.example.com Issuing certificates is technically trivial …but administratively hard Made simpler with letsencrypt.org, ACME protocol, certbot Getting the right certificate
  15. EnterJS.de 2016 Marcus Bointon - TLS Use TLS by default,

    keeps things simple Don’t use protocol-relative URLs (//…) Avoid mixed mode: https + http Create proxies if not available Cookies: secure-only Deploying TLS - App concerns
  16. EnterJS.de 2016 Marcus Bointon - TLS https://mozilla.github.io/server-side-tls/ssl-config-generator/ Redirect to secure

    site One certificate per IP, wildcards, or use SNI Create DH params for forward secrecy At least TLSv1.0 - disable SSLv3 & bad ciphers Enable TLS session caching Staple CA certs for OCSP Deploying TLS - Server config
  17. EnterJS.de 2016 Marcus Bointon - TLS Deploying TLS - Improving

    security HTTP Strict Transport Security (HSTS) “We always encrypt” HTTP Public Key Pinning (HPKP) “Trust only these certificates” Potentially dangerous! Can apply to all subdomains Prevent MITM with preloading
  18. EnterJS.de 2016 Marcus Bointon - TLS Deploying TLS - HTTP/2

    Defined in RFC 7540 Must support TLS 1.2 Must support SNI Must support PFS (DHE) Requires at least 2048-bit DH params Must disable compression & renegotiation Must use SHA-2 certificate signatures
  19. EnterJS.de 2016 Marcus Bointon - TLS Testing TLS Click the

    padlock! openssl s_client Qualys SSL Labs: https://www.ssllabs.com/ssltest/ https://hstspreload.appspot.com/ sslyze, testssl.sh, crt.sh, report-uri.io, securityheaders.io
  20. EnterJS.de 2016 Marcus Bointon - TLS TLS in NodeJS Supported

    since v0.4 in 2011 TLS module very flexible, powerful Certificates verified by default
  21. EnterJS.de 2016 Marcus Bointon - TLS TLS Summary It can

    be free It’s fast(er) - use HTTP/2 Use TLS everywhere by default Understand vulnerabilities Simple measures maximise security Help Hansel & Gretel make it to your site safely