Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Getting TLS Right

Zack Tollman
March 14, 2015
Technology
0
430

Getting TLS Right

Not all TLS deployments are created equal. Poorly configured TLS can can trick users into thinking their browsing experience is safe, yet leave them vulnerable to devastating man in the middle attacks, surveillance, and identity theft. Not to mention, a janky TLS setup can slow your otherwise performant site to a halt. In my talk, I will provide a primer on how to set up TLS for strong security and excellent performance. Additionally, I will discuss the TLS protocol to better familiarize the audience about the way that certificate and public key cryptography works to provide a secure web experience.

Zack Tollman

March 14, 2015
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
86
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
150
ReWIRED: Moving WIRED.com from WordPress to Node
tollmanz
0
290
Put an "S" on it: Moving a Large Publishing Site to HTTPS
tollmanz
1
150
Building Custom User Experiences from the Edge
tollmanz
0
120
HTTPS Migrations: The Hard Parts
tollmanz
0
360
HTTPS is Coming: Are You Prepared? (Velocity 2016)
tollmanz
0
200
Understanding HTTPS and TLS
tollmanz
0
190
HTTPS Is Coming - WP SFO
tollmanz
0
110

Other Decks in Technology

See All in Technology
LLM as プロダクト開発のパワードスーツ
layerx
PRO
1
210
MCP Documentation Server @AI Coding Meetup #1
yyoshiki41
2
2.6k
Webアプリを Lambdaで動かすまでに考えること / How to implement monolithic Lambda Web Application
_kensh
7
1.2k
Tokyo dbt Meetup #13 dbtと連携するBI製品&機能ざっくり紹介
sagara
0
430
YOLOv10~v12
tenten0727
4
900
2025年春に見直したい、リソース最適化の基本
sogaoh
PRO
0
470
Micro Frontends: Necessity, Implementation, and Challenges
rainerhahnekamp
2
370
7,000名規模の​ 人材サービス企業における​ プロダクト戦略・戦術と課題​ / Product strategy, tactics and challenges for a 7,000-employee staffing company
techtekt
0
270
食べログが挑む!飲食店ネット予約システムで自動テスト無双して手動テストゼロを実現する戦略
hagevvashi
3
320
Automatically generating types by running tests
sinsoku
2
570
CBになったのでEKSのこともっと知ってもらいたい!
daitak
1
160
やさしいMCP入門
minorun365
PRO
149
97k

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
Faster Mobile Websites
deanohume
306
31k
We Have a Design System, Now What?
morganepeng
52
7.5k
For a Future-Friendly Web
brad_frost
176
9.7k
Automating Front-end Workflow
addyosmani
1369
200k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
The Cost Of JavaScript in 2023
addyosmani
49
7.7k
[RailsConf 2023] Rails as a piece of cake
palkan
54
5.4k
Unsuck your backbone
ammeep
670
57k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.5k
Producing Creativity
orderedlist
PRO
344
40k
How STYLIGHT went responsive
nonsquared
99
5.5k

Transcript

  1. Getting TLS Right @tollmanz Zack Tollman

  2. TLS is hot right now

  3. We implement TLS poorly

  4. SSL Pulse Reviews SSL/TLS sites in Alexa’s Top 300k sites

    https://www.trustworthyinternet.org/ssl-pulse/

  5. 474 are vulnerable to heartbleed

  6. 21.0% use weak ciphers

  7. 47.3% support SSLv3

  8. 38.3% do no support Forward Secrecy

  9. 97.3% do not use HSTS

  10. 83.6% are insecure

  11. “misconfiguration errors are undermining the potential security” Kranch & Bonneau

    (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  12. “developers who should be in the best position to understand

    these new tools” Kranch & Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  13. “industry-wide configuration problem with the deployment of DHE key exchange"

    Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  14. Why?

  15. Why?

  16. Why?

  17. Unless you are a cryptographer, this stuff is hard

  18. Copying and pasting is easy

  19. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_prefer_server_ciphers on;

    ssl_ciphers ECDHE-RSA-AES128-GCM- SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE- RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384…; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

  20. Knowing what you are doing is hard

  21. TLS Basics

  22. Transport Layer Security

  23. SSLv2 SSLv3 TLSv1.0 TLSv1.1 TLSv1.2

  24. SSLv2 1995 SSLv3 1996 TLSv1.0 1999 TLSv1.1 2006 TLSv1.2 2008

  25. SSLv2 1995 PHP Tools SSLv3 1996 PHP/FI (2.0) TLSv1.0 1999

    PHP 3.0 TLSv1.1 2006 PHP 5.2 TLSv1.2 2008 PHP 5.2.8

  26. SSLv2 1995 MITM SSLv3 1996 POODLE TLSv1.0 1999 BEAST TLSv1.1

    2006 TLSv1.2 2008

  27. Provides authentication, encryption, integrity, and key exchange

  28. Authentication

  29. Encryption

  30. Integrity

  31. Key exchange

  32. Compromise of any of these, compromises the whole system

  33. Cipher Suites

  34. Combination of algorithms for authentication, encryption, integrity and key exchange

  35. ECDHE-RSA-AES128-GCM-SHA256

  36. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  37. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (authentication)

  38. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  39. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (integrity)

  40. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  41. None
  42. None

  43. TLS Handshake

  44. Client presents supported cipher suites

  45. Server chooses suite to use

  46. Certificate sent to client

  47. Verified with signing algorithm to authenticate the certificate

  48. ECDHE-RSA-AES128-GCM-SHA256

  49. RSA is the most widely supported signing mechanism

  50. Recommendation RSA for Certificate Authentication but ECDSA will be the

    new hotness

  51. Key exchange

  52. Negotiate the key for encryption and decryption

  53. ECDHE-RSA-AES128-GCM-SHA256

  54. Preferring Ephemeral Diffie Hellman algorithms give you Perfect Forward Secrecy

  55. Guarantees a different key for each connection

  56. RSA uses the same key for each connection

  57. Recommendation ECDHE for Key Exchange

  58. Server is verified and keys are negotiated

  59. Key is used by encryption algorithm

  60. ECDHE-RSA-AES128-GCM-SHA256

  61. Advanced Encryption Standard (AES) is the only real option

  62. Other ciphers have known weaknesses

  63. Can choose between 128 and 256 bit encryption

  64. Recommendation AES-128-GCM for encryption but watch for ChaCha20

  65. Encrypted messages are signed to guarantee integrity

  66. SHA-256 and SHA-384 are the two practical options

  67. Recommendation SHA-256 for MAC but watch for Poly1305

  68. So…huh?

  69. Use Mozilla’s guide https://wiki.mozilla.org/Security/ Server_Side_TLS

  70. HTTP Strict Transport Security

  71. SSL Stripping http://www.thoughtcrime.org/software/sslstrip/

  72. What if HTTP variant was never accessed?

  73. HSTS blocks browser from HTTP version of site

  74. Recommendation Set HSTS headers

  75. Set HSTS only after mixed content issues are resolved

  76. Content Security Policy

  77. Mixed content warnings are bad

  78. Whitelist assets loaded on your site

  79. Whitelist only HTTPS assets

  80. Use report-only variant

  81. Current recommendation Use CSP headers

  82. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  83. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  84. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  85. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  86. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  87. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  88. Content-Security-Policy-Report- Only: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self'

    https:; style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com; report-uri /beacon.php

  89. HTTPS Mixed Content Detector Plugin for WordPress

  90. Do your homework

  91. Make good decisions

  92. Maintain your TLS config like you maintain your code

  93. The Code Book Simon Singh High Performance Browser Networking (TLS

    Chapter) Ilya Grigorik Bulletproof SSL and TLS Ivan Ristic SSL and TLS: Designing and Building Secure Systems Eric Rescorla

  94. @tollmanz tollmanz.com/mwphp15 Zack Tollman