
PyCon CZ 2018: SSLError, what now

https://cz.pycon.org/2018/programme/detail/talk/17/

TLS/SSL is the most important and widely-used protocol for secure and encrypted communication, e.g. HTTPS. It offers more than just encryption. TLS also ensures data integrity and strong authentication with X.509 certificates. But it provides merely a false sense of security if you use it wrong.

Have you ever encountered SSLError while connecting to a server, but you didn’t understand what is going on? Are you running production code without TLS/SSL protection or with certificate validation disabled, because you couldn’t figure out how to make it work correctly?

I’ll give you the rundown of the basic cryptographic building blocks, the protocol handshake, the inner structure of certificates, and PKI. You’ll learn about best practices, debugging tools and tips on how to diagnose TLS/SSL problems and how to deal with certificates.

Christian Heimes

June 01, 2018

Transcript

  1. SSLError, PyCon.CZ 2018: Who am I?
     • from Hamburg/Germany
     • Linux user since 1997
     • Python and C developer
     • Python core developer since 2008
     • maintainer of the ssl and hashlib modules
     • Python security team
     • contributor to OpenSSL
  2. Professional life
     • Senior Software Engineer at Red Hat
     • Security Engineering
     • FreeIPA Identity Management
     • Dogtag PKI
     • Custodia secrets management
  3. Agenda
     • History
     • High-level view
     • Connection errors
     • Crypto 101, ciphers
     • TLS handshake
     • Certificates / Root CA
     • Hostname verification
     • Summary, resources
     • Questions
  4. TLS has exactly one performance problem: it is not used widely enough. Everything else can be optimized.
     https://istlsfastyet.com/
  5. Troy Hunt, I wanna go fast: HTTPS' massive speed advantage
     https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
  7. Reasons to deploy TLS
     • Privacy
     • Security (ad / malware injection)
     • Performance (HTTP/2)
     • SEO
     • User experience (password warning)
  8. Secure Sockets Layer / Transport Layer Security
     • SSL 1.0: never released
     • SSL 2.0: 1995
     • SSL 3.0: 1996
     • TLS 1.0: 1999
     • TLS 1.1: 2006
     • TLS 1.2: 2008
     • TLS 1.3: 2014, 2015, 2016, 2017, 2018?
  9. TLS libraries
     • OpenSSL
     • LibreSSL (OpenBSD, partly incompatible fork)
     • BoringSSL (Google, API-incompatible fork)
     • NSS (Mozilla Firefox)
     • SChannel (Microsoft)
     • Secure Transport (Apple)
     • more: GnuTLS, Java JSSE, Go crypto/tls, kTLS
  10. Python libraries
     • ssl module
     • PyOpenSSL
     • python-nss
     • urllib3.contrib.securetransport
     • more...
  11. ssl module
     $ python3
     >>> import socket, ssl
     >>> ctx = ssl.create_default_context()
     >>> # the same verification settings, built explicitly:
     >>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
     >>> ctx.load_default_certs()
     >>> ctx.verify_mode, ctx.check_hostname
     (<VerifyMode.CERT_REQUIRED: 2>, True)
     >>> with socket.create_connection(('cz.pycon.org', 443)) as sock:
     ...     with ctx.wrap_socket(sock,
     ...                          server_hostname='cz.pycon.org') as ssock:
     ...         ssock.sendall(b'')
  12. Wikipedia definition
     Transport Layer Security (TLS) – and its predecessor, Secure Sockets Layer (SSL) – are cryptographic protocols that provide communications security over a computer network. The TLS protocol aims primarily to provide privacy and data integrity between two communicating computer applications.
  13. TLS core features
     • encrypted transport stream
     • application protocol agnostic
     • integrity check
     • replay attack protection
     • strong authentication of server
     • strong authentication of client (optional)
     • extensible protocol
  14. TLS standard
     • IETF standard (Internet Engineering Task Force)
     • IANA (Internet Assigned Numbers Authority)
     • TLS (TCP) / DTLS (UDP)
     • ASN.1
     • PKI with X.509 certificates
  15. Why is TLS/SSL hard?
     • networking (DNS, routing, IPv4, IPv6, TCP)
     • complex protocol
     • cryptography
     • ASN.1
     • PKI / certificates
  16. TLS handshake
     DNS lookup → TCP handshake → ClientHello → ServerHello → ... → Finish → ... → Finish → ... → HTTP GET ...
  17. Connection issues
     • socket.gaierror: [Errno -2] Name or service not known
     • ConnectionRefusedError: [Errno 111] Connection refused
     • [SSL: WRONG_VERSION_NUMBER] wrong version number
     • connection blocks / timeout
  18. DNS
     $ host www.python.org
     www.python.org is an alias for dualstack.python.map.fastly.net.
     dualstack.python.map.fastly.net has address 151.101.36.223
     dualstack.python.map.fastly.net has IPv6 address 2a04:4e42:9::223
     $ dig www.python.org
     ; <<>> DiG 9.11.3-RedHat-9.11.3-4.fc27 <<>> www.python.org
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64755
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
     ;; OPT PSEUDOSECTION:
     ; EDNS: version: 0, flags:; udp: 4096
     ;; QUESTION SECTION:
     ;www.python.org.                    IN  A
     ;; ANSWER SECTION:
     www.python.org.                 38215  IN  CNAME  dualstack.python.map.fastly.net.
     dualstack.python.map.fastly.net.   30  IN  A      151.101.36.223
     ;; Query time: 30 msec
     ;; SERVER: 10.38.5.26#53(10.38.5.26)
     ;; WHEN: Wed May 30 19:08:25 CEST 2018
     ;; MSG SIZE  rcvd: 104
  19. ping / traceroute
     $ ping www.python.org
     PING www.python.org(2a04:4e42:9::223 (2a04:4e42:9::223)) 56 data bytes
     64 bytes from 2a04:4e42:9::223 (2a04:4e42:9::223): icmp_seq=1 ttl=57 time=16.5 ms
     64 bytes from 2a04:4e42:9::223 (2a04:4e42:9::223): icmp_seq=2 ttl=57 time=15.5 ms
     $ traceroute www.python.org
     traceroute to www.python.org (151.101.36.223), 30 hops max, 60 byte packets
      1  gateway (192.168.7.1)  0.390 ms  0.491 ms  0.663 ms
      2  hhb1000cihr001.versatel.de (62.214.63.97)  6.761 ms  7.336 ms  7.565 ms
      3  62.214.38.9 (62.214.38.9)  7.688 ms  8.027 ms  8.202 ms
      4  62.214.37.202 (62.214.37.202)  19.592 ms  62.214.38.178 (62.214.38.178)  19.156 ms  62.214.37.202 (62.214.37.202)  19.983 ms
      5  * * *
  20. tcpdump
     $ tcpdump --list-interfaces
     ...
     $ tcpdump -ilo host localhost and port 443
     tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
     listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
     19:45:51.506997 IP6 localhost.46972 > localhost.https: Flags [S], seq 3484797679, win 43690, options [mss 65476,sackOK,TS val 1161298182 ecr 0,nop,wscale 7], length 0
     19:45:51.507022 IP6 localhost.https > localhost.46972: Flags [R.], seq 0, ack 3484797680, win 0, length 0
     19:45:51.507074 IP localhost.48106 > localhost.https: Flags [S], seq 231424897, win 43690, options [mss 65495,sackOK,TS val 3260527088 ecr 0,nop,wscale 7], length 0
     19:45:51.507086 IP localhost.https > localhost.48106: Flags [R.], seq 0, ack 231424898, win 0, length 0
  21. Tools
     • host, dig
     • ping, traceroute
     • tcpdump, wireshark
     • curl, wget
     • nmap
     • read logs
     • firewall logs
     • HTTP
  22. TLS handshake
     DNS lookup → TCP handshake
     ClientHello: supported cipher suites, max version, client random, ...
     ServerHello: selected cipher suite, version, server random, ...
     ... → Finish → ... → Finish → ... → HTTP GET ...
  23. Unsupported / wrong protocol
     • SSLV3_ALERT_HANDSHAKE_FAILURE: failed to negotiate acceptable TLS/SSL parameters
     • TLSV1_ALERT_PROTOCOL_VERSION: recognized but unsupported protocol
     • [SSL] called a function you should not call: PROTOCOL_TLS_SERVER used on the client side
  24. SSLV3_ALERT_HANDSHAKE_FAILURE
     TLS Alert (40): handshake_failure
     • no cipher suite overlap
     • unsupported TLS version (sometimes)
     • other bad/unsupported handshake parameters
       • EC curves
       • signature algorithms
       • ...
  25. sslscan
     $ sslscan www.python.org
     ...
     Supported Server Cipher(s):
     Rejected  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
     Rejected  SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
     Failed    SSLv3  256 bits  DH-DSS-AES256-GCM-SHA384
     ...
     Rejected  TLS11    0 bits  NULL-MD5
     Accepted  TLS12  256 bits  ECDHE-RSA-AES256-GCM-SHA384
     ...
     Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
     Rejected  TLS12  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
     Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
     ...
  26. Cryptographically secure hash functions
     Hash functions for MAC, signatures, and more.
     • MD5
     • SHA (SHA1)
     • SHA2
       • SHA-256
       • SHA-384
  27. Symmetric-key algorithm (bulk encryption)
     Same key for encryption and decryption.
     • DES
     • Triple DES (3DES)
     • RC4
     • AES (AES-128, AES-256)
     • CHACHA20
  28. Symmetric-key algorithm (2)
     • Padding
     • Mode of operation
       • CBC
       • GCM
     • Authenticated encryption
       • CBC with MtE
       • AEAD (GCM, Poly1305)
  29. Asymmetric cryptographic algorithms
     Public / private key cryptography
     • asymmetric encryption
     • signatures
     • key agreement
  30. Asymmetric encryption
     Public key encrypts, private key decrypts.
     • ElGamal encryption
     • RSA encryption (PKCS#1)
       • RSAES-PKCS1-v1.5
       • RSAES-OAEP
  31. Asymmetric signatures
     Private key signs the hash of a message, public key verifies.
     • RSA signature (PKCS#1)
       • RSASSA-PKCS1-v1.5
       • RSASSA-PSS
     • DSS (DSA)
     • ECDSA (secp256r1, secp384r1, …)
     • EdDSA (Edwards curves: Curve25519, …)
  32. Key agreement protocol
     Own private key + peer's public key = shared key
     • finite field Diffie-Hellman (DH)
     • elliptic curve Diffie-Hellman (ECDH)
     • ephemeral DH / ECDH
     (Diagram: Diffie-Hellman illustrated with paint mixing between Alice and Bob. Each side mixes its secret colour with the common paint, the mixtures travel over the public transport, and each side mixes its own secret colour in again to reach the common secret; assume that mixture separation is expensive.)
  33. Misc
     • random number generator (CPRNG)
     • HMAC
     • Key Derivation Function (KDF)
     • Key Wrapping (KW)
     • …
  34. Cryptographic building blocks
     • key agreement / exchange
     • authentication algorithm
     • bulk encryption (symmetric)
     • cipher mode
     • one-way function for message authentication (MAC)
  35. IANA names != OpenSSL cipher suites
     • TLS_RSA_WITH_AES_256_CBC_SHA256 = AES256-SHA256
     • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = ECDHE-ECDSA-AES256-GCM-SHA384
     • TLS_RSA_WITH_3DES_EDE_CBC_SHA = DES-CBC3-SHA
  36. ssl module ciphers
     $ python3
     >>> import ssl, pprint
     >>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
     >>> ctx.set_ciphers('AES256-SHA256')
     >>> pprint.pprint(ctx.get_ciphers())
     [{'aead': False,
       'alg_bits': 256,
       'auth': 'auth-rsa',
       'description': 'AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA '
                      'Enc=AES(256) Mac=SHA256',
       'digest': 'sha256',
       'id': 50331709,
       'kea': 'kx-rsa',
       'name': 'AES256-SHA256',
       'protocol': 'TLSv1.2',
       'strength_bits': 256,
       'symmetric': 'aes-256-cbc'}]
  37. TLS handshake with RSA key exchange
     DNS lookup → TCP handshake
     Client → Server: ClientHello (supported cipher suites, max version, client random, ...)
     Server → Client: ServerHello (selected cipher suite, version, server random, ...), Certificate chain, ServerHelloDone
     Client → Server: ClientKeyExchange (RSA-encrypted pre-master secret), ChangeCipherSpec, Finish (MAC of handshake messages)
     Server → Client: ChangeCipherSpec, Finish (MAC of handshake messages)
     Client → Server: HTTP GET (verify MAC)
  38. openssl s_client \
         -connect www.python.org:443 \
         -servername www.python.org \
         -cipher AES256-SHA256
  39. openssl s_client \
         -connect badssl.com:443 \
         -servername badssl.com \
         -cipher AES256-SHA256
  40. TLS handshake with RSA key exchange
     ✔ negotiate TLS version
     ✔ negotiate cipher suite
     ✔ validate server cert chain
     ✔ replay protection: MAC over client/server random
     ✗ no forward secrecy
  41. TLS handshake with Diffie-Hellman
     Client → Server: ClientHello (supported cipher suites, max version, client random, ...)
     Server → Client: ServerHello (selected cipher suite, version, server random, ...), Certificate chain, ServerKeyExchange (Diffie-Hellman server params + signature), ServerHelloDone
     Client → Server: ClientKeyExchange (Diffie-Hellman params), ChangeCipherSpec, Finish (MAC of handshake messages)
     Server → Client: ChangeCipherSpec, Finish (MAC of handshake messages)
     Client → Server: HTTP GET (verify MAC)
  42. openssl s_client \
         -connect www.python.org:443 \
         -servername www.python.org \
         -cipher ECDHE-RSA-AES128-GCM-SHA256
  43. Ephemeral Diffie-Hellman
     ✔ negotiate TLS version
     ✔ negotiate cipher suite
     ✔ validate server cert chain
     ✔ replay protection: MAC over client/server random
     ✔ perfect forward secrecy
     ✗ actually no PFS for session resumption… fixed in TLS 1.3
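An added example, not from the slides, that ties the get_ciphers() dictionaries of slide 36 to the forward-secrecy point of slides 40 and 43: it applies an OpenSSL cipher string to a client context and flags every enabled suite that uses static RSA key exchange or a non-AEAD cipher mode. The FORWARD_SECRET_KEA set and the sample cipher string are my assumptions; with OpenSSL 1.1.1 or later the report also lists the TLS 1.3 suites, which always pass.

```python
import ssl

# Key-exchange values (the 'kea' field of SSLContext.get_ciphers()) that give
# forward secrecy: ephemeral (EC)DH, and 'kx-any', which OpenSSL reports for
# TLS 1.3 suites because their key exchange is always ephemeral. Assumption:
# these are the only long names OpenSSL uses for ephemeral exchanges.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def audit_cipher_string(cipher_string):
    """Return {suite name: [problems]} for every suite the cipher string enables.

    The cipher string is applied to a fresh client context, exactly as in the
    ssl module slide; set_ciphers() raises ssl.SSLError when nothing matches.
    A suite with an empty problem list is acceptable (ephemeral key exchange
    and an AEAD mode), so the report doubles as the list of enabled suites.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    report = {}
    for suite in ctx.get_ciphers():
        problems = []
        if suite["kea"] not in FORWARD_SECRET_KEA:
            # e.g. 'kx-rsa': the pre-master secret is encrypted to the server's
            # long-term RSA key, so a leaked key decrypts recorded sessions.
            problems.append("no forward secrecy (static %s key exchange)"
                            % suite["kea"][3:].upper())
        if not suite["aead"]:
            # CBC + separate MAC instead of an AEAD mode such as GCM or Poly1305
            problems.append("not AEAD (%s with %s MAC)"
                            % (suite["symmetric"], suite["digest"]))
        report[suite["name"]] = problems
    return report


def weak_suites(cipher_string):
    """Sorted names of the enabled suites that have at least one problem."""
    return sorted(name for name, problems in audit_cipher_string(cipher_string).items()
                  if problems)


if __name__ == "__main__":
    # Constructed sample: the PFS suite from slide 42 next to the RSA-kx suite
    # from slides 36 and 38. Only the latter is reported.
    sample = "ECDHE-RSA-AES128-GCM-SHA256:AES256-SHA256"
    for name, problems in audit_cipher_string(sample).items():
        print("%-32s %s" % (name, "; ".join(problems) or "ok"))
```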
  44. X.509 certificates
     • ASN.1
       • CER/DER: binary ASN.1
       • PEM: base64-encoded ASN.1 + header/footer
       • P12, PFX: PKCS#12 safe bags, cert / private key pair
     • content
       • public key
       • metadata
       • extensions
       • issuer signature
  45. Certificate
     Certificate:
         Data:
             Version: 3 (0x2)
             Serial Number:
                 03:ef:52:f7:cc:f8:09:0d:4d:5d:29:f6:3a:fd:ae:42:a7:7a
             Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
             Validity
                 Not Before: Apr  3 21:18:23 2018 GMT
                 Not After : Jul  2 21:18:23 2018 GMT
             Subject: CN = cz.pycon.org
             Subject Public Key Info:
                 Public Key Algorithm: rsaEncryption
                     Public-Key: (2048 bit)
                     Modulus:
                         00:f0:2a:78:0a:4a:31:28:6a:70:...
                     Exponent: 65537 (0x10001)
  46. Certificate extensions
         X509v3 extensions:
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Subject Key Identifier:
                 B3:F4:37:40:A6:AE:77:3C:A1:19:F8:AA:D2:C7:41:F5:6B:8A:D2:D8
             X509v3 Authority Key Identifier:
                 keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
             Authority Information Access:
                 OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                 CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
             X509v3 Subject Alternative Name:
                 DNS:cz.pycon.org
     Signature Algorithm: sha256WithRSAEncryption
          95:d3:cb:ec:c3:63:1e:41:c8:ab:37:3d:09:a6:...
  47. Certificate types
     • trust anchors (root CA certs)
     • intermediate CA certs
     • end-entity certs
       • server
       • client
       • code signing
       • email
       • CRL/OCSP signing
       • ...
     (Diagram: the root CA self-signs and signs intermediate CA 1, intermediate CA 1 signs intermediate CA 2, and intermediate CA 2 signs the end-entity cert.)
  48. Certificate types (2)
     • root CA
       • Basic Constraints: CA True, no pathlen restriction
       • Key Usage: cert signer, CRL signer
     • intermediate CA certs
       • Basic Constraints: CA True, pathlen: …, 3, 2, 1
       • Key Usage: cert signer, CRL signer
     • end-entity certs
       • Basic Constraints: CA False
       • Key Usage: Digital Signature, Key Encipherment
       • Extended Key Usage: TLS server
       • Subject Alternative Name: dNSName:cz.pycon.org
  49. Cert chain
     $ openssl s_client \
         -connect cz.pycon.org:443 -servername cz.pycon.org
     ...
     ---
     Certificate chain
      0 s:/CN=cz.pycon.org
        i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
      1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
        i:/O=Digital Signature Trust Co./CN=DST Root CA X3
     ...
     $ openssl s_client ... | openssl x509 -text -noout
  50. Get verification error (Python 3.6)
     $ openssl s_client \
         -connect expired.badssl.com:443 \
         -servername expired.badssl.com
     ...
     SSL-Session:
         Protocol  : TLSv1.2
         Cipher    : ECDHE-RSA-AES128-GCM-SHA256
         ...
         Start Time: 1527832087
         Timeout   : 7200 (sec)
         Verify return code: 10 (certificate has expired)
         Extended master secret: no
  51. Certificate verification
     • certificate has expired → get a new certificate
     • certificate is not yet valid → check clocks
     • key usage does not include digital signature / handshake_failure → X509v3 Key Usage: Digital Signature, Key Encipherment
  52. Certificate chain failures
     • self signed certificate → test cert?
     • unable to verify the first certificate → no intermediate CAs
     • unable to get local issuer certificate → root CA missing locally
     • self signed certificate in certificate chain → root CA in chain, but missing locally
  53. Python 3.7
     Traceback (most recent call last):
       ..
       File "/home/heimes/dev/python/3.7/Lib/ssl.py", line 1108, in do_handshake
         self._sslobj.do_handshake()
     ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1045)
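An added example, not from the talk, that turns the error catalogue of slides 17, 23 and 51 to 53 into a diagnosis helper: classify_tls_failure() maps the exceptions the ssl module raises (including the verify_code that SSLCertVerificationError carries since Python 3.7) to the remediation the slides give, and probe() opens a verified connection with create_default_context() and reports what was negotiated instead of disabling verification. Only verify code 10 appears on the slides; the other codes are assumed from OpenSSL's X509_V_ERR_* values, and the hint texts are mine.

```python
import socket
import ssl

# OpenSSL X509 verify result codes -> remediation from slides 51 and 52.
# Assumption: standard X509_V_ERR_* numbering (10 is shown on slide 50).
VERIFY_HINTS = {
    9: "certificate is not yet valid: check the clocks on client and server",
    10: "certificate has expired: get a new certificate",
    18: "self signed certificate: a test cert? trust it explicitly via load_verify_locations()",
    19: "self signed certificate in chain: root CA sent by the server but missing locally",
    20: "unable to get local issuer certificate: root CA missing from the local trust store",
    21: "unable to verify the first certificate: server does not send the intermediate CAs",
}


def classify_tls_failure(exc):
    """Return (category, hint) for an exception raised while opening a TLS connection."""
    if isinstance(exc, socket.gaierror):
        return "dns", "name resolution failed: check the hostname with host/dig"
    if isinstance(exc, ConnectionRefusedError):
        return "tcp", "nothing listens on that port: check the service and the firewall logs"
    if isinstance(exc, socket.timeout):
        return "tcp", "connection blocks or times out: check routing with ping, traceroute, tcpdump"
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        message = getattr(exc, "verify_message", str(exc))
        return "certificate", VERIFY_HINTS.get(code, "verify failed (code %s): %s" % (code, message))
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or ""
        if reason == "WRONG_VERSION_NUMBER":
            return "protocol", "peer did not speak TLS on that port: plain HTTP or wrong port?"
        if reason in ("SSLV3_ALERT_HANDSHAKE_FAILURE", "TLSV1_ALERT_PROTOCOL_VERSION"):
            return "handshake", "no cipher suite / TLS version overlap: compare with sslscan or openssl s_client -cipher"
        return "handshake", "SSL error: %s" % (reason or exc)
    return "unknown", str(exc)


def probe(hostname, port=443, timeout=10.0):
    """Connect with full verification; report negotiated parameters or a diagnosis."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname, system trust store
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as ssock:
                cert = ssock.getpeercert()
                return {
                    "ok": True,
                    "version": ssock.version(),
                    "cipher": ssock.cipher()[0],
                    "subject": dict(attr for rdn in cert["subject"] for attr in rdn),
                    "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
                    "not_after": cert["notAfter"],
                }
    except OSError as exc:  # gaierror, ConnectionRefusedError and SSLError are all OSError
        category, hint = classify_tls_failure(exc)
        return {"ok": False, "category": category, "hint": hint, "error": str(exc)}


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "cz.pycon.org"))
```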
  54. Trust anchors / root CAs
     • Linux, BSD
       • file / directory, path compiled into OpenSSL
       • requests, pip: certifi package
     • Windows
       • crypt32 CertOpenStore() hack
     • macOS
       • system Python: TEA (trusted evaluation agent)
       • Python.org installer: certifi
  55. Linux CA stores
     # Taken from https://golang.org/src/crypto/x509/root_linux.go
     _CERTIFICATE_FILE_LOCATIONS = [
         "/etc/ssl/certs/ca-certificates.crt",                 # Debian/Ubuntu/Gentoo etc.
         "/etc/pki/tls/certs/ca-bundle.crt",                   # Fedora/RHEL 6
         "/etc/ssl/ca-bundle.pem",                             # OpenSUSE
         "/etc/pki/tls/cacert.pem",                            # OpenELEC
         "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",  # CentOS/RHEL 7
     ]
  56. OpenSSL verify paths
     >>> ssl.get_default_verify_paths()
     DefaultVerifyPaths(cafile='/etc/pki/tls/cert.pem',
                        capath='/etc/pki/tls/certs',
                        openssl_cafile_env='SSL_CERT_FILE',
                        openssl_cafile='/etc/pki/tls/cert.pem',
                        openssl_capath_env='SSL_CERT_DIR',
                        openssl_capath='/etc/pki/tls/certs')
  57. Hostname verification
     Certificate:
         Data:
             ...
             Subject: CN = cz.pycon.org
             ...
             X509v3 extensions:
                 X509v3 Subject Alternative Name:
                     DNS:cz.pycon.org
  58. Don't roll your own verification
     • CN/SAN
     • wildcards
     • internationalized domain names (IDNA)
     • > 6 bugs in Python's hostname verification code: CVE-2013-2099, #12000, #17997, #17305, #30141
     • Python 3.7 uses X509_VERIFY_PARAM_set1_host() (OpenSSL 1.0.2+ / LibreSSL 2.7.0)
  59. HTTP, HTTP/2
     • Server Name Indication (SNI): host == HTTP Host
     • H/2 requires TLS 1.2 with PFS
     • ALPN
  60. How to debug SSLError
     • check connection
       • openssl s_client
       • openssl x509
       • curl -s -v
     • check logs
     • tcpdump + wireshark
     • update to Python 3.7
  61. Tools
     • Wireshark, tcpdump
     • openssl command line (s_client, x509, verify)
     • curl
     • sslscan
     • strace, ptrace, ltrace
     • https://www.ssllabs.com/ssltest/
     • https://lapo.it/asn1js/
  62. Resources
     • https://istlsfastyet.com/
     • Deploying TLS 1.3: the great, the good and the bad (33c3) https://www.youtube.com/watch?v=0opakLwtPWk