Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS is Coming: Are You Prepared? (Velocity 2016)

Avatar for Zack Tollman Zack Tollman
June 23, 2016
Technology
0
210

HTTPS is Coming: Are You Prepared? (Velocity 2016)

As web developers, we live in interesting times. A major movement toward an HTTPS-only Internet is afoot. Google, Mozilla, and even the Internet Engineering Task Force (IETF) have publicly declared their intent to move toward an HTTPS-only Web. New technologies, such as service workers and HTTP/2, are only supported with an HTTP connection secured via transport layer security (TLS). This transition is a significant win for privacy, security, and encryption, especially given the recent Edward Snowden revelations.

While a HTTPS-only Web is a great goal, there is a major problem that does not get a lot of attention: we are terrible at configuring TLS. Recent academic research suggests that while developers are able to achieve a working TLS connection, they struggle to implement it securely due to misconfiguration errors. Moreover, the two most recent attacks against TLS (FREAK and Logjam) only affected servers that were misconfigured. Unfortunately, one of these attacks was estimated to affect approximately 8% of all websites due to mass misunderstanding and misconfiguration of TLS. SSL Pulse suggests that ~43% of the Alexa-ranked sites they sampled that offer an HTTPS connection are not secure, meaning that they have failed in at least one major area of TLS configuration. An HTTPS-only Web is a powerful thing, but an insecure Web that parades as a secure Web is dangerous.

In the years to come, tweaking and understanding your TLS configuration will be as basic a skill as knowing how to adjust to an .htaccess file. While some web developers may work in areas that have dedicated security teams to handle TLS, many do not have such resources. Just as a developer might be responsible for setting up an Nginx server to deploy her code, she might also have to handle the TLS configuration. Without the proper knowledge in this area, the site is at risk for being insecure.

One can find information about a “proper” TLS configuration online, but making sense of that information is maddening. If you’ve not been exposed to this information, I dare you to make sense of such a configuration. Zack Tollman explores the key aspects of HTTPS, unraveling the meaning of the obfuscated notation behind TLS configuration in an effort to empower developers to take control of their HTTPS-only sites. Zack concludes with an interactive demonstration of a Diffie-Hellman key exchange.
Avatar for Zack Tollman

Zack Tollman

June 23, 2016
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
Avatar for Zack Tollman tollmanz
0
88
Defining Fast: The Hardest Problem in Performance Engineering
Avatar for Zack Tollman tollmanz
0
150
ReWIRED: Moving WIRED.com from WordPress to Node
Avatar for Zack Tollman tollmanz
0
300
Put an "S" on it: Moving a Large Publishing Site to HTTPS
Avatar for Zack Tollman tollmanz
1
150
Building Custom User Experiences from the Edge
Avatar for Zack Tollman tollmanz
0
120
HTTPS Migrations: The Hard Parts
Avatar for Zack Tollman tollmanz
0
370
Understanding HTTPS and TLS
Avatar for Zack Tollman tollmanz
0
190
HTTPS Is Coming - WP SFO
Avatar for Zack Tollman tollmanz
0
110
The Many Challenges of Object Caching in WordPress
Avatar for Zack Tollman tollmanz
0
110

Other Decks in Technology

See All in Technology
インフラからSREへ
Avatar for Issei Naruta mirakui
19
7k
Part2 GitHub Copilotってなんだろう
Avatar for tomokusaba tomokusaba
2
850
使えるデータ基盤を作る技術選定の秘訣 / selecting-the-right-data-technology
Avatar for pei0804 pei0804
9
1.5k
名単体テスト 禁断の傀儡(モック)
Avatar for iwamot iwamot
PRO
1
300
計測による継続的なCI/CDの改善
Avatar for SansanTech sansantech
PRO
7
1.7k
非root化Androidスマホでも動く仮想マシンアプリを試してみた
Avatar for Sora Arakawa arkw
0
130
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
8
64k
MCP でモノが動くとおもしろい/It is interesting when things move with MCP
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
3
590
分解し、導き、託す ログラスにおける“技術でリードする” 実践の記録
Avatar for Hiroto Ryushima hryushm
0
440
VitePress & MCPでアプリ仕様のオープン化に挑戦する
Avatar for Hal hal_spidernight
0
120
Terraform にコントリビュートしていたら Azure のコストをやらかした話 / How I Messed Up Azure Costs While Contributing to Terraform
Avatar for ののし nnstt1
1
540
Next.jsと状態管理のプラクティス
Avatar for uhyo uhyo
6
2.3k

Featured

See All Featured
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
159
23k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
41
2.6k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.2k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.5k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
137
6.9k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
523
40k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k

Transcript

  1. HTTPS is Coming: Are You Prepared? Zack Tollman @tollmanz

  2. “I’ve got some stuff you might be interested in.” http://www.pbs.org/wgbh/frontline/article/how-edward-snowden-leaked-thousands-of-nsa-documents/

  3. “Pervasive monitoring is a technical attack” — IETF https://tools.ietf.org/html/rfc7258

  4. “Today we are announcing our intent to phase out non-secure

    HTTP” — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

  5. HTTP/2 is TLS only in Chrome, Firefox, Opera, IE/Edge, and

    Safari https://wiki.mozilla.org/Networking/http2

  6. “Let’s Encrypt is leaving beta today” https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

  7. Now Later Less HTTPS More HTTPS

  8. HTTPS knowledge is now essential

  9. We are bad at HTTPS

  10. 43% of sites are not secure https://www.trustworthyinternet.org/ssl-pulse/

  11. “industry-wide configuration problem with the deployment of DHE key exchange”

    — Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  12. “misconfiguration errors are undermining the potential security” — Kranch &

    Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  13. Why?

  14. Unless you are a cryptographer, this stuff is hard

  15. Copying and pasting is easy

  16. Knowing what you are doing is hard

  17. TLS Basics

  18. Transport Layer Security

  19. SSL v2 SSL v3 TLS v1 TLS v1.1 TLS v1.2

    1995 1996 1999 2006 2008

  20. TCP Transport Layer Security HTTP

  21. Provides authentication, encryption, integrity, and key exchange

  22. Authentication

  23. Is the server the intended server?

  24. Integrity

  25. Is the message sent the message received?

  26. Encryption

  27. Converts plaintext to ciphertext

  28. i r y b p v g l

  29. i r y b p v g l v e

    l o c i t y

  30. A B C D E F N O P Q

    R S +13

  31. Letter + 13 = Cipher Letter

  32. Key is 13

  33. Key owners can encrypt and decrypt

  34. Key Exchange

  35. How do we establish an encryption key for 2 unknown

    parties over an insecure connection?

  36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia

    "Leonardo da Vinci", CC BY-SA 4.0, https:// commons.wikimedia.org/w/index.php?curid=47910919

  37. Diffie-Hellman-Merkle key exchange

  38. p = 23 g = 5 https://github.com/tollmanz/diffie-hellman-key-exchange-demo Demo

  39. If anything goes wrong, make a joke about bad wifi

  40. Compromise of any of these, compromises the whole system

  41. Cipher Suites

  42. Combination of algorithms for authentication, integrity, encryption, and key exchange

  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_ciphers ECDHE-RSA-AES128-GCM-

    SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE- RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM- SHA384…; ssl_prefer_server_ciphers on; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

  44. ECDHE-RSA-AES128-GCM-SHA256

  45. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  46. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (Authentication)

  47. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  48. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (Integrity)

  49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128- GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE- ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256- SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS- AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256- SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-

    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:! DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH- RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  50. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128- GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE- ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256- SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS- AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256- SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-

    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:! DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH- RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  51. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256- GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128- GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE- ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256- SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS- AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256- SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-

    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:! DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH- RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  52. None

  53. What?

  54. Use Mozilla’s guide https://wiki.mozilla.org/Security/Server_Side_TLS

  55. The Code Book Simon Singh High Performance Browser Networking (TLS

    Chapter) Ilya Grigorik Bulletproof SSL and TLS Ivan Ristic SSL and TLS: Designing and Building Secure Systems Eric Rescorla

  56. https://speakerdeck.com/ tollmanz/https-is-coming-are- you-prepared-velocity-2016 @tollmanz