Hansel & Gretel do TLS - PHPSW 2020

Effective encryption is a vital component of a safe and secure internet, especially since the arrival of HTTP/2. Many sites and mobile apps still don't use TLS to encrypt their traffic, often citing some kind of fear over the complexity of it all, or if they do, they make a mess of it, resulting in a literal false sense of security. The basics of TLS encryption are straightforward, but the practical realities run into a bewildering forest of acronyms. This talk gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, ALPN, HTTP/2, HSTS, CT, and more, including the latest changes in TLS 1.3.

You'll get an overview of what problems TLS solves, how it works, its component pieces, how they fit together, where vulnerabilities and mitigations apply, and what tools and resources can help you get up to speed, and keep the wicked witch away!

This presentation was given online for PHPSW 2020 on May 13th, 2020.

Marcus Bointon

May 13, 2020

  1. What is TLS? (slide footer: Marcus Bointon - TLS PHPSW 2020)

    - Transport Layer Security protocol
    - The new(ish) name for SSL - Since 1999
    - Versions: SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
    - A set of standards for security & encryption
    - Can wrap around any higher-level protocol
      - HTTP, SMTP, FTP, IMAP, DNS, etc
    - Popular implementations: OpenSSL, LibreSSL, BoringSSL
  2. Why use TLS?

    - Provides confidentiality, authenticity & integrity
    - Better performance with HTTP/2
    - Google will rank you higher
    - Required for iOS apps
    - Chrome 50 disabled HTTP GeoLocation
    - Keeps the wicked witch out
  3. Toolkit: Hashes, MACs, Ciphers & KX

    - Hashes produce a fixed-length digest from data; integrity
      - MD5, SHA1, SHA2 (SHA256, SHA384, SHA512)
    - Message Authentication Code (MAC): data + a key; authenticity
      - HMAC-MD5, HMAC-SHA256, Poly1305
    - Ciphers; encryption algorithms; confidentiality
      - Integer factoring, elliptic curve ("EC"), symmetric, asymmetric
      - RC4, AES, 3DES, RSA, ChaCha20
    - Key Exchange
      - RSA, Diffie-Hellman ("DH"), x25519, x448, EC, "Ephemeral", ECDHE
  4. New in TLS 1.3

    - Removal of all weak and legacy algorithms & extensions
    - Moar encryption
    - Lower handshake overhead
    - All ciphers support forward secrecy
    - Elliptic curve ciphers as standard
    - Downgrade protection
  5. TLS 1.3 Handshake

    - ClientHello: Cipher Suite List, Key Share
    - ServerHello: Cipher Suite, Key Share, Certificate & Signature, Server Finished
    - Client Finished, HTTP Request
    - HTTP Response
    - 200ms
  6. TLS 1.3 Resumption

    - ClientHello: Session ticket, Key Share, HTTP GET
    - ServerHello: Key Share, Server Finished, HTTP Response
    - 0-RTT!
  7. Diffie-Hellman Key Exchange

    - Diagram labels: Alice, Bob, Random colour, Secret colour, Secret colour, Common secret, Exchange intermediate colours
  8. Creating certificates

    - Create a public/private key pair
      - At least 2048 bits for RSA, 256 for ECC
    - Create a certificate signing request (CSR)
      - Use SHA-2 signature
    - Sign the CSR to create a public certificate
      - Yourself…
      - By a Certificate Authority (CA)
  9. Certificate chains

    - Diagram labels: Intermediate CA certificate, Browser & OS certificate store, Root CA certificate, Site certificate, Server certificate store, Root CA certificate
  10. CRLs, OCSP & Stapling

    - How to find out if a cert has been revoked?
    - Browser asks the CA — OCSP
      - Our site becomes dependent on CA's site
      - CA's site becomes a privacy leak risk
    - Get the server to ask the CA in advance
      - Staple the proof of validity to the certificate
      - Can't fake it because it's signed by the CA
    - Diagram labels: Browser, Server, CA (shown twice)
  11. Deploying TLS - App concerns

    - Use TLS by default, keeps things simple
    - Don’t use protocol-relative URLs (//…)
    - Avoid mixed mode: https + http
    - HSTS & CSP can auto-upgrade
    - Create proxies if HTTPS not available
    - Cookies: set httponly, secure, samesite flags
  12. Deploying TLS - Server config

    - https://mozilla.github.io/server-side-tls/ssl-config-generator/
    - Redirect to secure site
    - Use SNI + SAN to host multiple domains on one IP
    - Create DH params for forward secrecy
    - At least TLSv1.2 — disable old & weak ciphers
    - Enable TLS session caching
    - Staple CA certs for OCSP
  13. Deploying TLS - Improving security

    - HTTP Strict Transport Security (HSTS) header
      - “We always encrypt”
    - Certificate Authority Authorisation in DNS
      - “Permit only these CAs to issue certs”
    - Content Security Policy (CSP) header
      - “Permit only these sources”
    - Expect-CT header
      - Check that the cert was issued correctly
  14. Testing TLS

    - Click the padlock!
    - openssl s_client
    - Qualys SSL Labs: https://www.ssllabs.com/ssltest/
    - https://hstspreload.appspot.com/
    - observatory.mozilla.org, testssl.sh, crt.sh, report-uri.com, securityheaders.com, webbkoll.dataskydd.net
  15. TLS Summary

    - It can be free
    - It’s fast(er) - use HTTP/2
    - Use TLS everywhere by default
    - Simple measures maximise security
    - Help Hansel & Gretel make it to your site safely
  16. Thank you

    - Feedback please: https://joind.in/talk/7ce30
    - https://speakerdeck.com/synchro/hansel-and-gretel-do-tls-phpsw-2020
    - Marcus Bointon, [email protected]
    - @SynchroM & @PrivacySpider
    - Synchro on GitHub & Stack Exchange
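
Slides 11 and 13 recommend an HSTS header, a CSP header, and the httponly, secure and samesite cookie flags. The Python function below is an added example, not code from the talk or its author, that checks one response's headers for those settings; the name `audit_headers`, the finding strings and both sample responses are constructed for illustration.

```python
# Added example: audit response headers against the deck's HSTS/CSP/cookie advice.
import re

def audit_headers(headers):
    """headers: list of (name, value) tuples from one HTTPS response.
    Returns a sorted list of findings; an empty list means every check passed."""
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    # HSTS ("We always encrypt"): max-age=0 removes the policy, so count it as missing.
    hsts = by_name.get("strict-transport-security", [""])[0]
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("hsts: missing or max-age=0")

    # CSP ("Permit only these sources"): a plain-http source re-opens mixed mode.
    csp = "; ".join(by_name.get("content-security-policy", []))
    if not csp:
        findings.append("csp: missing")
    elif re.search(r"\bhttp://", csp, re.I):
        findings.append("csp: allows plain http source")

    # Cookies: every Set-Cookie needs the Secure, HttpOnly and SameSite attributes.
    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for wanted in ("secure", "httponly", "samesite"):
            if wanted not in attrs:
                findings.append(f"cookie {cookie_name}: no {wanted} flag")
    return sorted(findings)

GOOD = [  # constructed sample response headers
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; upgrade-insecure-requests"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
WEAK = [  # constructed sample response headers
    ("Strict-Transport-Security", "max-age=0"),
    ("Content-Security-Policy", "default-src 'self' http://cdn.example.com"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_headers(sample))
```

Feed it the header list from any HTTP client to run the same checks against a live site.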