HTTPS is Coming: Are You Prepared?

980df66b142b2a067b3f8b67b04352de?s=47 Zack Tollman
November 07, 2015

HTTPS is Coming: Are You Prepared?

Google, Firefox, and the IETF are currently engaged in major initiatives to convert the web to be secure by default. Page ranking, new browser APIs, and HTTP/2 are all pushing websites to require HTTPS. An HTTPS only web is imminent. Unfortunately, according to SSL Pulse, 75% of the top 1 million websites that use HTTPS are not actually secure because of misconfiguration. Do you know how to configure HTTPS properly? In this talk, we will discuss the key aspects of HTTPS to empower developers to deploy truly secure HTTPS sites.

980df66b142b2a067b3f8b67b04352de?s=128

Zack Tollman

November 07, 2015
Tweet

Transcript

  1. HTTPS Is Coming: Are You Prepared? @tollmanz Zack Tollman

  2. An HTTPS only web is coming

  3. Today we are announcing our intent to phase out non-secure

    HTTP — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
  4. HTTP/2 is HTTPS only in Chrome, Firefox, Opera, Safari, and

    IE/Edge
  5. Pervasive monitoring is a technical attack that should be mitigated

    in the design of IETF protocols, where possible https://tools.ietf.org/html/rfc7258
  6. Now Later Less HTTPS More HTTPS

  7. But there’s a problem

  8. We implement HTTPS poorly

  9. SSL Pulse Reviews HTTPS sites in Alexa’s Top 300k sites

    https://www.trustworthyinternet.org/ssl-pulse/
  10. 70% are insecure

  11. “misconfiguration errors are undermining the potential security” Kranch & Bonneau

    (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf
  12. “industry-wide configuration problem with the deployment of DHE key exchange"

    Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf
  13. Why?

  14. Unless you are a cryptographer, this stuff is hard

  15. Copying and pasting is easy

  16. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_prefer_server_ciphers on;

    ssl_ciphers ECDHE-RSA-AES128-GCM- SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE- RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384…; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf
  17. Knowing what you are doing is hard

  18. TLS Basics

  19. Transport Layer Security

  20. HTTP Transport Layer Security TCP

  21. SSLv2 1995 SSLv3 1996 TLSv1.0 1999 TLSv1.1 2006 TLSv1.2 2008

  22. Provides authentication, encryption, integrity, and key exchange

  23. Authentication

  24. Authentication TLS certificates

  25. Integrity

  26. Encryption

  27. jbeqcerff

  28. WordPress

  29. Substitution Cipher

  30. A + 13 = N B + 13 = O

    C + 13 = P
  31. 13 is the Key

  32. Key exchange

  33. Demo https://github.com/tollmanz/diffie-hellman-key-exchange-demo p = 23 g = 5

  34. Compromise of any of these, compromises the whole system

  35. Cipher Suites

  36. Combination of algorithms for authentication, encryption, integrity and key exchange

  37. ECDHE-RSA-AES128-GCM-SHA256

  38. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  39. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (authentication)

  40. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  41. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (integrity)

  42. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  43. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  44. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  45. None
  46. None
  47. So…huh?

  48. Use Mozilla’s guide https://wiki.mozilla.org/Security/ Server_Side_TLS

  49. HTTP Strict Transport Security

  50. SSL Stripping http://www.thoughtcrime.org/software/sslstrip/

  51. What if HTTP variant was never accessed?

  52. HSTS blocks browser from HTTP version of site

  53. Recommendation Set HSTS headers

  54. Set HSTS only after mixed content issues are resolved

  55. The Code Book Simon Singh High Performance Browser Networking (TLS

    Chapter) Ilya Grigorik Bulletproof SSL and TLS Ivan Ristic SSL and TLS: Designing and Building Secure Systems Eric Rescorla
  56. @tollmanz Zack Tollman