Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS is Coming: Are you Prepared?

Zack Tollman
November 17, 2015
Technology
0
110

HTTPS is Coming: Are you Prepared?

Google, Firefox, and the IETF are currently engaged in significant initiatives to convert the Web to be secure by default. Page ranking, exciting new browser APIs, and HTTP/2 are all pushing websites to require HTTPS. An HTTPS-only web is imminent. Do you know how to configure HTTPS properly? According to SSL Pulse, 75% of the top 1 million websites that use HTTPS are not actually secure because of misconfiguration. In my talk, I will discuss the key aspects of HTTPS to empower developers to deploy truly secure HTTPS sites.

Zack Tollman

November 17, 2015
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
73
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
99
ReWIRED: Moving WIRED.com from WordPress to Node
tollmanz
0
190
Put an "S" on it: Moving a Large Publishing Site to HTTPS
tollmanz
1
120
Building Custom User Experiences from the Edge
tollmanz
0
95
HTTPS Migrations: The Hard Parts
tollmanz
0
220
HTTPS is Coming: Are You Prepared? (Velocity 2016)
tollmanz
0
160
Understanding HTTPS and TLS
tollmanz
0
180
HTTPS Is Coming - WP SFO
tollmanz
0
93

Other Decks in Technology

See All in Technology
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
900
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
320
AOAI をきっかけに​ 社内の Azure 管理を見直した話​
recruitengineers
PRO
1
290
Gitlab本から学んだこと - そーだいなるプレイバック / gitlab-book
soudai
4
430
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
160
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
320
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
170
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
210
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
350
プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児
kenjikondobai
2
710

Featured

See All Featured
Designing for humans not robots
tammielis
248
25k
The Cult of Friendly URLs
andyhume
74
5.7k
Atom: Resistance is Futile
akmur
259
25k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Web Components: a chance to create the future
zenorocha
305
41k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
The Art of Programming - Codeland 2020
erikaheidi
42
12k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
For a Future-Friendly Web
brad_frost
172
9k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
Fireside Chat
paigeccino
21
2.6k

Transcript

  1. HTTPS is Coming Zack Tollman @tollmanz

  2. None

  3. “Pervasive monitoring is a technical attack that should be mitigated

    in the design of IETF protocols, where possible.” — IETF https://tools.ietf.org/html/rfc7258

  4. “Today we are announcing our intent to phase out non-secure

    HTTP” — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

  5. HTTP/2 is TLS only in Chrome, Firefox, Opera, IE/Edge, and

    Safari https://wiki.mozilla.org/Networking/http2

  6. Now Later Less TLS More TLS

  7. TLS knowledge is now essential

  8. We are bad at TLS

  9. 68% of sites are not secure https://www.trustworthyinternet.org/ssl-pulse/

  10. 95% do not support HSTS https://www.trustworthyinternet.org/ssl-pulse/

  11. 25% do not support Perfect Forward Secrecy https://www.trustworthyinternet.org/ssl-pulse/

  12. “misconfiguration errors are undermining the potential security” — Kranch &

    Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  13. “industry-wide configuration problem with the deployment of DHE key exchange”

    — Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  14. We don’t seem to understand TLS

  15. Let’s fix that

  16. 1. Understand TLS 2. Acquire certificate 3. Configure TLS

  17. Quick Note on TLS and SSL

  18. SSL v2 SSL v3 TLS v1 TLS v1.1 TLS v1.2

    1995 1996 1999 2006 2008

  19. Encryption Integrity Authentication Key Exchange

  20. Authentication

  21. Is the server the intended server?

  22. Chain of “trust”

  23. End Certificate example.com Signing algorithm Signature Public Key Public Exponent

  24. End Intermediate Certificate CA certificate Signature

  25. End Root Certificate In browser Signature Intermediate

  26. End Intermediate Root Trusts Trusts

  27. Integrity

  28. Is the message received the message sent?

  29. Data Data

  30. Data Data Hash Encrypt

  31. Data Data Hash Encrypt Encrypt

  32. Data Data Hash Encrypt Encrypt Receiver

  33. Receiver has encrypted hash and encrypted data

  34. E-Hash E-Data

  35. E-Hash E-Data P-Hash P-Data

  36. E-Hash E-Data P-Hash P-Data Hash

  37. Hash Hash =

  38. Encryption

  39. Converts plaintext to ciphertext

  40. c u c j b e y q

  41. c u c j b e y q p h

    p w o r l d

  42. A B C D E F N O P Q

    R S +13

  43. Algorithm: Letter + 13 = Cipher Letter

  44. Substitution Cipher Caesar Cipher

  45. Key

  46. Key 13

  47. Weak cipher

  48. Secrecy in algorithm is a problem

  49. Secrecy in key is better

  50. Advanced Encryption Standard - Rijndael http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  51. Many rounds of substitution and permutations

  52. Key Exchange

  53. How do we establish an encryption key for 2 unknown

    parties over an insecure connection?

  54. http://en.wikipedia.org/wiki/Enigma_machine#/media/File:Kenngruppenheft.jpg Ben Slivka

  55. Couriers delivered the daily keys

  56. http://en.wikipedia.org/wiki/Jeff_Bezos#/media/File:Jeff_Bezos%27_iconic_laugh.jpg

  57. Doesn’t work for the modern web

  58. Diffie-Hellman-Merkle key exchange

  59. Each individual has a key by the time the process

    is complete

  60. Demo p = 23 g = 5

  61. s is a premaster secret from which the master secret

    is derived

  62. Master secret is the key used for encryption

  63. Trapdoor functions

  64. Easy one way

  65. Impossibly difficult the other way

  66. If a, b, g, or p are different, s is

    different

  67. Perfect forward secrecy

  68. Lavabit

  69. I failed to update the Lavabit SSL configuration to prefer

    ciphers that provided perfect forward secrecy. — Ladar Levison http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to- cryptographers-criticism/

  70. Cipher Suites

  71. Combination of algorithms for authentication, integrity, encryption, and key exchange

  72. ECDHE-RSA-AES128-GCM-SHA256

  73. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  74. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (Authentication)

  75. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  76. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (Integrity)

  77. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA

  78. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA

  79. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
  80. None
  81. None

  82. TLS Handshake

  83. Client Server ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec

    Finished Application Data

  84. 1. Client hello Cipher suites TLS version Random bytes Client

    -> Server

  85. 2. Server hello Cipher suite choice TLS version choice Server

    -> Client

  86. 3. Certificate Certificate chain sent Cert signature matches auth algorithm

    Server -> Client

  87. 4. Server Key Exchange Info for key exchange Server ->

    Client

  88. 5. Server Hello Done Server has sent all info Server

    -> Client

  89. 6. Client Key Exchange Info for key exchange Client ->

    Server

  90. 7. Change Cipher Spec Enough info for encryption Switch to

    encryption Client -> Server

  91. 8. Finished Signals that handshake is done Client -> Server

  92. 9. Change Cipher Spec Server -> Client

  93. 10. Finished Server -> Client

  94. TLS Handshake demo with Wireshark

  95. HTTP Strict Transport Security

  96. SSL Stripping http://www.thoughtcrime.org/software/sslstrip/

  97. What if HTTP variant was never accessed?

  98. HSTS blocks browser from HTTP version of site

  99. Set HSTS only after mixed content issues are resolved

  100. add_header Strict-Transport- Security 'max-age=31536000';

  101. add_header Strict-Transport- Security 'max-age=31536000; includeSubDomains';

  102. Mixed Content

  103. HTTP assets in HTTPS page is an attack vector

  104. Content Security Policy

  105. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  106. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  107. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  108. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  109. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  110. Content-Security-Policy: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self' https:;

    style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com

  111. Content-Security-Policy-Report- Only: default-src 'self' https:; font-src https:// fonts.gstatic.com; img-src 'self'

    https:; style-src ‘self' https: https://fonts.googleapis.com; script-src 'self' https: https://ssl.google-analytics.com; report-uri /beacon.php

  112. upgrade-insecure-requests coming soon http://www.w3.org/TR/upgrade-insecure-requests/

  113. Automated Certificate Management Environment (ACME)

  114. Let’s Encrypt

  115. TLS Configuration Needs Maintenance

  116. A theoretical weakness became practical. — Ladar Levison http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to- cryptographers-criticism/

  117. I missed that development. — Ladar Levison http://arstechnica.com/security/2013/11/07/op-ed-lavabits-founder-responds-to- cryptographers-criticism/