Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS is Coming: Are You Prepared? (Velocity 2016)

Zack Tollman
June 23, 2016
Technology
0
150

HTTPS is Coming: Are You Prepared? (Velocity 2016)

As web developers, we live in interesting times. A major movement toward an HTTPS-only Internet is afoot. Google, Mozilla, and even the Internet Engineering Task Force (IETF) have publicly declared their intent to move toward an HTTPS-only Web. New technologies, such as service workers and HTTP/2, are only supported with an HTTP connection secured via transport layer security (TLS). This transition is a significant win for privacy, security, and encryption, especially given the recent Edward Snowden revelations.

While a HTTPS-only Web is a great goal, there is a major problem that does not get a lot of attention: we are terrible at configuring TLS. Recent academic research suggests that while developers are able to achieve a working TLS connection, they struggle to implement it securely due to misconfiguration errors. Moreover, the two most recent attacks against TLS (FREAK and Logjam) only affected servers that were misconfigured. Unfortunately, one of these attacks was estimated to affect approximately 8% of all websites due to mass misunderstanding and misconfiguration of TLS. SSL Pulse suggests that ~43% of the Alexa-ranked sites they sampled that offer an HTTPS connection are not secure, meaning that they have failed in at least one major area of TLS configuration. An HTTPS-only Web is a powerful thing, but an insecure Web that parades as a secure Web is dangerous.

In the years to come, tweaking and understanding your TLS configuration will be as basic a skill as knowing how to adjust to an .htaccess file. While some web developers may work in areas that have dedicated security teams to handle TLS, many do not have such resources. Just as a developer might be responsible for setting up an Nginx server to deploy her code, she might also have to handle the TLS configuration. Without the proper knowledge in this area, the site is at risk for being insecure.

One can find information about a “proper” TLS configuration online, but making sense of that information is maddening. If you’ve not been exposed to this information, I dare you to make sense of such a configuration. Zack Tollman explores the key aspects of HTTPS, unraveling the meaning of the obfuscated notation behind TLS configuration in an effort to empower developers to take control of their HTTPS-only sites. Zack concludes with an interactive demonstration of a Diffie-Hellman key exchange.

Zack Tollman

June 23, 2016
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
61
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
89
ReWIRED: Moving WIRED.com from WordPress to Node
tollmanz
0
160
Put an "S" on it: Moving a Large Publishing Site to HTTPS
tollmanz
1
88
Building Custom User Experiences from the Edge
tollmanz
0
79
HTTPS Migrations: The Hard Parts
tollmanz
0
150
Understanding HTTPS and TLS
tollmanz
0
170
HTTPS Is Coming - WP SFO
tollmanz
0
81
The Many Challenges of Object Caching in WordPress
tollmanz
0
89

Other Decks in Technology

See All in Technology
分散トレーシングとOpenTelemetryのススメ 超入門編
k6s4i53rx
3
790
株式会社オプティム_採用会社紹介資料 / optim-recruit
optim
0
9.6k
Data-Centric AIのためのベンチマーク
x_ttyszk
1
660
JSAI2023 Tutorial 「基盤モデルの技術と展望」
yusuke0519
6
2.1k
機械学習モデル性能向上への学習データからのアプローチ
okada_fuutass
0
170
Princess APIのAPIクライアントをTypeScriptで作ってnpmで公開してみた
ohmori_yusuke
1
550
Predictive back transition Animation on Android 14
line_developers
PRO
1
540
人工知能学会 AI哲学マップ・総括セッション 講演資料
miyayou
3
1.3k
金融系子会社でレガシーシステムしか作ったことないけど、モダン開発に挑戦してみた
marikashiotsuki
1
130
データマイニングと機械学習-SVM
trycycle
0
150
Evolving ML Platform with OSS Upstream Community
y_iwai
0
250
WWDC「間」を復習しよう
line_developers
PRO
0
360

Featured

See All Featured
In The Pink: A Labor of Love
frogandcode
133
21k
How to train your dragon (web standard)
notwaldorf
69
4.4k
Six Lessons from altMBA
skipperchong
16
2.5k
Pencils Down: Stop Designing & Start Developing
hursman
115
10k
Robots, Beer and Maslow
schacon
154
7.5k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.7k
Large-scale JavaScript Application Architecture
addyosmani
500
110k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Bash Introduction
62gerente
602
210k
For a Future-Friendly Web
brad_frost
166
8k
Making Projects Easy
brettharned
102
5k
The Brand Is Dead. Long Live the Brand.
mthomps
48
4.1k

Transcript

  1. HTTPS is Coming:

    Are You Prepared?
    Zack Tollman @tollmanz

    View Slide

  2. “I’ve got some stuff you
    might be interested in.”
    http://www.pbs.org/wgbh/frontline/article/how-edward-snowden-leaked-thousands-of-nsa-documents/

    View Slide

  3. “Pervasive monitoring

    is a technical attack”

    — IETF
    https://tools.ietf.org/html/rfc7258

    View Slide

  4. “Today we are announcing
    our intent to phase out
    non-secure HTTP”

    — Richard Barnes, Firefox Security Lead
    https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

    View Slide

  5. HTTP/2 is TLS only in
    Chrome, Firefox, Opera,
    IE/Edge, and Safari
    https://wiki.mozilla.org/Networking/http2

    View Slide

  6. “Let’s Encrypt is leaving
    beta today”
    https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

    View Slide

  7. Now Later
    Less

    HTTPS
    More

    HTTPS

    View Slide

  8. HTTPS knowledge is now
    essential

    View Slide

  9. We are bad at HTTPS

    View Slide

  10. 43% of sites are not secure
    https://www.trustworthyinternet.org/ssl-pulse/

    View Slide

  11. “industry-wide configuration

    problem with the
    deployment of DHE key
    exchange”

    — Huang, Adhikarla, Boneh, & Jackson (2014)

    http://www.w2spconf.com/2014/papers/TLS.pdf

    View Slide

  12. “misconfiguration errors

    are undermining the
    potential security”

    — Kranch & Bonneau (2015)
    http://www.internetsociety.org/sites/default/files/01_4_0.pdf

    View Slide

  13. Why?

    View Slide

  14. Unless you are a
    cryptographer, this

    stuff is hard

    View Slide

  15. Copying and pasting is
    easy

    View Slide

  16. Knowing what you are
    doing is hard

    View Slide

  17. TLS Basics

    View Slide

  18. Transport Layer

    Security

    View Slide

  19. SSL v2

    SSL v3

    TLS v1

    TLS v1.1

    TLS v1.2
    1995

    1996

    1999

    2006

    2008

    View Slide

  20. TCP

    Transport Layer Security

    HTTP

    View Slide

  21. Provides authentication,
    encryption, integrity,
    and key exchange

    View Slide

  22. Authentication

    View Slide

  23. Is the server the intended
    server?

    View Slide

  24. Integrity

    View Slide

  25. Is the message sent the
    message received?

    View Slide

  26. Encryption

    View Slide

  27. Converts plaintext to
    ciphertext

    View Slide

  28. i r y b p v g l

    View Slide

  29. i r y b p v g l
    v e l o c i t y

    View Slide

  30. A B C D E F
    N O P Q R S
    +13

    View Slide

  31. Letter + 13 = Cipher Letter

    View Slide

  32. Key is 13

    View Slide

  33. Key owners can encrypt
    and decrypt

    View Slide

  34. Key Exchange

    View Slide

  35. How do we establish an
    encryption key for 2
    unknown parties over an
    insecure connection?

    View Slide

  36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://
    commons.wikimedia.org/w/index.php?curid=47910919

    View Slide

  37. Diffie-Hellman-Merkle
    key exchange

    View Slide

  38. p = 23

    g = 5
    https://github.com/tollmanz/diffie-hellman-key-exchange-demo
    Demo

    View Slide

  39. If anything goes wrong,
    make a joke about bad
    wifi

    View Slide

  40. Compromise of any of
    these, compromises the
    whole system

    View Slide

  41. Cipher Suites

    View Slide

  42. Combination of
    algorithms for
    authentication,
    integrity, encryption,
    and key exchange

    View Slide

  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /path/to/public.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-
    SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-
    RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-
    SHA384…;
    ssl_prefer_server_ciphers on;
    https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

    View Slide

  44. ECDHE-RSA-AES128-GCM-SHA256

    View Slide

  45. ECDHE-RSA-AES128-GCM-SHA256
    Key Exchange

    View Slide

  46. ECDHE-RSA-AES128-GCM-SHA256
    Certificate signing
    algorithm (Authentication)

    View Slide

  47. ECDHE-RSA-AES128-GCM-SHA256
    Cipher (Encryption)

    View Slide

  48. ECDHE-RSA-AES128-GCM-SHA256
    Message authentication
    code (Integrity)

    View Slide

  49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  50. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  51. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  52. View Slide

  53. What?

    View Slide

  54. Use Mozilla’s guide

    https://wiki.mozilla.org/Security/Server_Side_TLS

    View Slide

  55. The Code Book

    Simon Singh
    High Performance Browser Networking (TLS
    Chapter)

    Ilya Grigorik
    Bulletproof SSL and TLS

    Ivan Ristic
    SSL and TLS: Designing and Building Secure
    Systems

    Eric Rescorla

    View Slide

  56. https://speakerdeck.com/
    tollmanz/https-is-coming-are-
    you-prepared-velocity-2016

    @tollmanz

    View Slide