Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Getting TLS Right

Zack Tollman
March 14, 2015
Technology
0
360

Getting TLS Right

Not all TLS deployments are created equal. Poorly configured TLS can can trick users into thinking their browsing experience is safe, yet leave them vulnerable to devastating man in the middle attacks, surveillance, and identity theft. Not to mention, a janky TLS setup can slow your otherwise performant site to a halt. In my talk, I will provide a primer on how to set up TLS for strong security and excellent performance. Additionally, I will discuss the TLS protocol to better familiarize the audience about the way that certificate and public key cryptography works to provide a secure web experience.

Zack Tollman

March 14, 2015
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
73
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
99
ReWIRED: Moving WIRED.com from WordPress to Node
tollmanz
0
190
Put an "S" on it: Moving a Large Publishing Site to HTTPS
tollmanz
1
110
Building Custom User Experiences from the Edge
tollmanz
0
94
HTTPS Migrations: The Hard Parts
tollmanz
0
220
HTTPS is Coming: Are You Prepared? (Velocity 2016)
tollmanz
0
160
Understanding HTTPS and TLS
tollmanz
0
180
HTTPS Is Coming - WP SFO
tollmanz
0
92

Other Decks in Technology

See All in Technology
Terraformあれやこれ/terraform-this-and-that
emiki
8
1.3k
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
280
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
160
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
230
MySQL の SQL クエリチューニングの要所を掴む勉強会
andpad
2
6k
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
150
オーナーシップを持つ領域を明確にする
konifar
13
3.1k
Reducing Cross-Zone Egress at Spotify with Custom gRPC Load Balancing Recap
koh_naga
0
190
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
VS CodeでAWSを操作しよう
smt7174
7
1.6k
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
200

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1025
450k
Optimizing for Happiness
mojombo
370
69k
Teambox: Starting and Learning
jrom
128
8.4k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
A Philosophy of Restraint
colly
197
16k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
Writing Fast Ruby
sferik
621
60k
The Invisible Side of Design
smashingmag
294
49k
Navigating Team Friction
lara
178
13k

Transcript

  1. Getting TLS Right @tollmanz Zack Tollman

  2. TLS is hot right now

  3. We implement TLS poorly

  4. SSL Pulse Reviews SSL/TLS sites in Alexa’s Top 300k sites

    https://www.trustworthyinternet.org/ssl-pulse/

  5. 474 are vulnerable to heartbleed

  6. 21.0% use weak ciphers

  7. 47.3% support SSLv3

  8. 38.3% do no support Forward Secrecy

  9. 97.3% do not use HSTS

  10. 83.6% are insecure

  11. “misconfiguration errors are undermining the potential security” Kranch & Bonneau

    (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  12. “developers who should be in the best position to understand

    these new tools” Kranch & Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  13. “industry-wide configuration problem with the deployment of DHE key exchange"

    Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  14. Why?

  15. Why?

  16. Why?

  17. Unless you are a cryptographer, this stuff is hard

  18. Copying and pasting is easy

  19. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_prefer_server_ciphers on;

    ssl_ciphers ECDHE-RSA-AES128-GCM- SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE- RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384…; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

  20. Knowing what you are doing is hard

  21. TLS Basics

  22. Transport Layer Security

  23. SSLv2 SSLv3 TLSv1.0 TLSv1.1 TLSv1.2

  24. SSLv2 1995 SSLv3 1996 TLSv1.0 1999 TLSv1.1 2006 TLSv1.2 2008

  25. SSLv2 1995 PHP Tools SSLv3 1996 PHP/FI (2.0) TLSv1.0 1999

    PHP 3.0 TLSv1.1 2006 PHP 5.2 TLSv1.2 2008 PHP 5.2.8

  26. SSLv2 1995 MITM SSLv3 1996 POODLE TLSv1.0 1999 BEAST TLSv1.1

    2006 TLSv1.2 2008

  27. Provides authentication, encryption, integrity, and key exchange

  28. Authentication

  29. Encryption

  30. Integrity

  31. Key exchange

  32. Compromise of any of these, compromises the whole system

  33. Cipher Suites

  34. Combination of algorithms for authentication, encryption, integrity and key exchange

  35. ECDHE-RSA-AES128-GCM-SHA256

  36. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  37. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (authentication)

  38. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  39. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (integrity)

  40. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  41. None
  42. None

  43. TLS Handshake

  44. Client presents supported cipher suites

  45. Server chooses suite to use

  46. Certificate sent to client

  47. Verified with signing algorithm to authenticate the certificate

  48. ECDHE-RSA-AES128-GCM-SHA256

  49. RSA is the most widely supported signing mechanism

  50. Recommendation RSA for Certificate Authentication but ECDSA will be the

    new hotness

  51. Key exchange

  52. Negotiate the key for encryption and decryption

  53. ECDHE-RSA-AES128-GCM-SHA256

  54. Preferring Ephemeral Diffie Hellman algorithms give you Perfect Forward Secrecy

  55. Guarantees a different key for each connection

  56. RSA uses the same key for each connection

  57. Recommendation ECDHE for Key Exchange

  58. Server is verified and keys are negotiated

  59. Key is used by encryption algorithm

  60. ECDHE-RSA-AES128-GCM-SHA256

  61. Advanced Encryption Standard (AES) is the only real option

  62. Other ciphers have known weaknesses

  63. Can choose between 128 and 256 bit encryption

  64. Recommendation AES-128-GCM for encryption but watch for ChaCha20

  65. Encrypted messages are signed to guarantee integrity

  66. SHA-256 and SHA-384 are the two practical options

  67. Recommendation SHA-256 for MAC but watch for Poly1305

  68. So…huh?

  69. Use Mozilla’s guide https://wiki.mozilla.org/Security/ Server_Side_TLS

  70. HTTP Strict Transport Security

  71. SSL Stripping http://www.thoughtcrime.org/software/sslstrip/

  72. What if HTTP variant was never accessed?

  73. HSTS blocks browser from HTTP version of site

  74. Recommendation Set HSTS headers

  75. Set HSTS only after mixed content issues are resolved

  76. Content Security Policy

  77. Mixed content warnings are bad

  78. Whitelist assets loaded on your site

  79. Whitelist only HTTPS assets

  80. Use report-only variant

  81. Current recommendation Use CSP headers

  82. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  83. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  84. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  85. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  86. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  87. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  88. Content-Security-Policy-Report- Only: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self'

    https:; style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com; report-uri /beacon.php

  89. HTTPS Mixed Content Detector Plugin for WordPress

  90. Do your homework

  91. Make good decisions

  92. Maintain your TLS config like you maintain your code

  93. The Code Book Simon Singh High Performance Browser Networking (TLS

    Chapter) Ilya Grigorik Bulletproof SSL and TLS Ivan Ristic SSL and TLS: Designing and Building Secure Systems Eric Rescorla

  94. @tollmanz tollmanz.com/mwphp15 Zack Tollman