HTTPS is Coming: Are You Prepared? (Velocity 2016)

As web developers, we live in interesting times. A major movement toward an HTTPS-only Internet is afoot. Google, Mozilla, and even the Internet Engineering Task Force (IETF) have publicly declared their intent to move toward an HTTPS-only Web. New technologies, such as service workers and HTTP/2, are only supported with an HTTP connection secured via Transport Layer Security (TLS). This transition is a significant win for privacy, security, and encryption, especially given the recent Edward Snowden revelations.

While an HTTPS-only Web is a great goal, there is a major problem that does not get a lot of attention: we are terrible at configuring TLS. Recent academic research suggests that while developers are able to achieve a working TLS connection, they struggle to implement it securely due to misconfiguration errors. Moreover, the two most recent attacks against TLS (FREAK and Logjam) only affected servers that were misconfigured. Unfortunately, one of these attacks was estimated to affect approximately 8% of all websites due to mass misunderstanding and misconfiguration of TLS. SSL Pulse suggests that ~43% of the Alexa-ranked sites they sampled that offer an HTTPS connection are not secure, meaning that they have failed in at least one major area of TLS configuration. An HTTPS-only Web is a powerful thing, but an insecure Web that parades as a secure Web is dangerous.

In the years to come, tweaking and understanding your TLS configuration will be as basic a skill as knowing how to adjust an .htaccess file. While some web developers may work in areas that have dedicated security teams to handle TLS, many do not have such resources. Just as a developer might be responsible for setting up an Nginx server to deploy her code, she might also have to handle the TLS configuration. Without the proper knowledge in this area, the site is at risk of being insecure.

One can find information about a “proper” TLS configuration online, but making sense of that information is maddening. If you’ve not been exposed to this information, I dare you to make sense of such a configuration. Zack Tollman explores the key aspects of HTTPS, unraveling the meaning of the obfuscated notation behind TLS configuration in an effort to empower developers to take control of their HTTPS-only sites. Zack concludes with an interactive demonstration of a Diffie-Hellman key exchange.

Zack Tollman

June 23, 2016

Transcript

  1. HTTPS is Coming: Are You Prepared? Zack Tollman @tollmanz

  2. “I’ve got some stuff you might be interested in.” http://www.pbs.org/wgbh/frontline/article/how-edward-snowden-leaked-thousands-of-nsa-documents/

  3. “Pervasive monitoring is a technical attack” — IETF https://tools.ietf.org/html/rfc7258

  4. “Today we are announcing our intent to phase out non-secure HTTP” — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

  5. HTTP/2 is TLS only in Chrome, Firefox, Opera, IE/Edge, and Safari https://wiki.mozilla.org/Networking/http2

  6. “Let’s Encrypt is leaving beta today” https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

  7. Now Later Less HTTPS More HTTPS

  8. HTTPS knowledge is now essential

  9. We are bad at HTTPS

  10. 43% of sites are not secure https://www.trustworthyinternet.org/ssl-pulse/

  11. “industry-wide configuration problem with the deployment of DHE key exchange” — Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  12. “misconfiguration errors are undermining the potential security” — Kranch & Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  13. Why?

  14. Unless you are a cryptographer, this stuff is hard

  15. Copying and pasting is easy

  16. Knowing what you are doing is hard

  17. TLS Basics

  18. Transport Layer Security

  19. SSL v2 (1995), SSL v3 (1996), TLS v1 (1999), TLS v1.1 (2006), TLS v1.2 (2008)

  20. TCP Transport Layer Security HTTP

  21. Provides authentication, encryption, integrity, and key exchange

  22. Authentication

  23. Is the server the intended server?

  24. Integrity

  25. Is the message sent the message received?

  26. Encryption

  27. Converts plaintext to ciphertext

  28. i r y b p v g l

  29. i r y b p v g l / v e l o c i t y

  30. A B C D E F / N O P Q R S (+13)

  31. Letter + 13 = Cipher Letter

  32. Key is 13

  33. Key owners can encrypt and decrypt

  34. Key Exchange

  35. How do we establish an encryption key for 2 unknown parties over an insecure connection?

  36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919

  37. Diffie-Hellman-Merkle key exchange

  38. p = 23 g = 5 https://github.com/tollmanz/diffie-hellman-key-exchange-demo Demo

  39. If anything goes wrong, make a joke about bad wifi

  40. Compromise of any of these compromises the whole system

  41. Cipher Suites

  42. Combination of algorithms for authentication, integrity, encryption, and key exchange

  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384…; ssl_prefer_server_ciphers on; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

  44. ECDHE-RSA-AES128-GCM-SHA256

  45. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  46. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (Authentication)

  47. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  48. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (Integrity)

  49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  50. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  51. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  52. None
  53. What?

  54. Use Mozilla’s guide https://wiki.mozilla.org/Security/Server_Side_TLS

  55. The Code Book (Simon Singh); High Performance Browser Networking, TLS Chapter (Ilya Grigorik); Bulletproof SSL and TLS (Ivan Ristic); SSL and TLS: Designing and Building Secure Systems (Eric Rescorla)

  56. https://speakerdeck.com/tollmanz/https-is-coming-are-you-prepared-velocity-2016 @tollmanz
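
The Diffie-Hellman exchange from slides 37-38, worked through with the slide's public parameters p = 23 and g = 5. This is an added example, not code from the talk or its demo repository; the private values 6 and 15 and all function names are constructed for illustration. It goes one step past the slides by showing that an observer can search out a private exponent when the group is this small, which is why the size of the DH group in a server's configuration matters.

```python
# Added example: toy Diffie-Hellman with the slide's parameters.
import secrets

P, G = 23, 5  # public parameters from slide 38; far too small for real use


def keypair(p=P, g=G, private=None):
    """Return (private, public), where public = g^private mod p."""
    if private is None:
        private = secrets.randbelow(p - 3) + 2  # uniform in [2, p-2]
    return private, pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """Combine the peer's public value with our own private exponent."""
    # Reject degenerate values (0, 1, p-1) that force a predictable secret.
    if not 1 < their_public < p - 1:
        raise ValueError("peer public value outside (1, p-1)")
    return pow(their_public, my_private, p)


def recover_private(public, p=P, g=G):
    """Exhaustive discrete-log search; instant at p = 23, which is the point."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("no exponent found")


def exchange(a_private=6, b_private=15):
    """Run both sides with constructed private values; return what happened."""
    a_priv, a_pub = keypair(private=a_private)
    b_priv, b_pub = keypair(private=b_private)
    return {
        "wire": (a_pub, b_pub),                 # everything an observer sees
        "alice": shared_secret(b_pub, a_priv),  # B^a mod p
        "bob": shared_secret(a_pub, b_priv),    # A^b mod p
    }


if __name__ == "__main__":
    result = exchange()
    print("on the wire:", result["wire"])
    print("shared secret:", result["alice"], result["bob"])
    print("observer recovers a =", recover_private(result["wire"][0]))
```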
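
The breakdown on slides 44-48, applied to a whole `ssl_ciphers` value like the one on slide 49: each entry is sorted into an explicit suite, a keyword selector, or an exclusion, and explicit suites are split into their four roles. This is an added example, not code from the talk; the function names are hypothetical, the input is a shortened excerpt of the slide's string, and the parser covers only the TLS 1.2-era OpenSSL names that appear in that string.

```python
# Added example (not from the talk): split OpenSSL-style suite names, as used
# in nginx ssl_ciphers, into the four roles shown on slides 45-48.
KX = {"ECDHE", "DHE", "EDH"}   # ephemeral (forward-secret) key exchanges
AUTH = {"RSA", "ECDSA", "DSS"}
MACS = {"SHA", "SHA256", "SHA384", "MD5"}
ENC = ("AES128", "AES256", "DES-CBC3", "CAMELLIA128", "CAMELLIA256", "RC4")

def parse_suite(name):
    """Return the roles of one suite name, or None if it is not a suite name."""
    parts = name.split("-")
    # With no prefix, OpenSSL names imply RSA key exchange and RSA auth.
    kx = parts.pop(0) if parts[0] in KX else "RSA"
    auth = parts.pop(0) if parts and parts[0] in AUTH else "RSA"
    if len(parts) < 2 or parts[-1] not in MACS:
        return None
    enc, mac = "-".join(parts[:-1]), parts[-1]
    if not enc.startswith(ENC):
        return None
    # In GCM (AEAD) suites the trailing hash drives the handshake PRF;
    # record integrity comes from the AEAD mode, not a separate HMAC.
    return {"name": name, "kx": kx, "auth": auth, "enc": enc, "mac": mac,
            "aead": enc.endswith("GCM"), "forward_secret": kx in KX}

def classify(cipher_string):
    """Split an ssl_ciphers value into suites, keyword selectors, exclusions."""
    out = {"suites": [], "selectors": [], "exclusions": []}
    for token in filter(None, cipher_string.split(":")):
        suite = parse_suite(token)
        if token.startswith("!"):
            out["exclusions"].append(token[1:])
        elif suite is not None:
            out["suites"].append(suite)
        else:
            out["selectors"].append(token)  # e.g. kEDH+AESGCM, AES
    return out

def without_forward_secrecy(cipher_string):
    """Explicitly listed suites that fall back to static RSA key exchange."""
    return [s["name"] for s in classify(cipher_string)["suites"]
            if not s["forward_secret"]]

# Constructed excerpt of the string on slide 49, shortened for the example.
SLIDE_49_EXCERPT = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA:"
    "AES128-GCM-SHA256:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:"
    "!aNULL:!eNULL:!EXPORT:!RC4:!EDH-RSA-DES-CBC3-SHA"
)
```

Calling `without_forward_secrecy(SLIDE_49_EXCERPT)` lists the entries near the end of the string that use static RSA key exchange; keyword selectors such as `AES` expand to many suites inside OpenSSL and are reported separately rather than parsed.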