$30 off During Our Annual Pro Sale. View Details »

HTTPS is Coming: Are You Prepared? (Velocity 2016)

Zack Tollman
June 23, 2016
Technology
0
160

HTTPS is Coming: Are You Prepared? (Velocity 2016)

As web developers, we live in interesting times. A major movement toward an HTTPS-only Internet is afoot. Google, Mozilla, and even the Internet Engineering Task Force (IETF) have publicly declared their intent to move toward an HTTPS-only Web. New technologies, such as service workers and HTTP/2, are only supported with an HTTP connection secured via transport layer security (TLS). This transition is a significant win for privacy, security, and encryption, especially given the recent Edward Snowden revelations.

While a HTTPS-only Web is a great goal, there is a major problem that does not get a lot of attention: we are terrible at configuring TLS. Recent academic research suggests that while developers are able to achieve a working TLS connection, they struggle to implement it securely due to misconfiguration errors. Moreover, the two most recent attacks against TLS (FREAK and Logjam) only affected servers that were misconfigured. Unfortunately, one of these attacks was estimated to affect approximately 8% of all websites due to mass misunderstanding and misconfiguration of TLS. SSL Pulse suggests that ~43% of the Alexa-ranked sites they sampled that offer an HTTPS connection are not secure, meaning that they have failed in at least one major area of TLS configuration. An HTTPS-only Web is a powerful thing, but an insecure Web that parades as a secure Web is dangerous.

In the years to come, tweaking and understanding your TLS configuration will be as basic a skill as knowing how to adjust to an .htaccess file. While some web developers may work in areas that have dedicated security teams to handle TLS, many do not have such resources. Just as a developer might be responsible for setting up an Nginx server to deploy her code, she might also have to handle the TLS configuration. Without the proper knowledge in this area, the site is at risk for being insecure.

One can find information about a “proper” TLS configuration online, but making sense of that information is maddening. If you’ve not been exposed to this information, I dare you to make sense of such a configuration. Zack Tollman explores the key aspects of HTTPS, unraveling the meaning of the obfuscated notation behind TLS configuration in an effort to empower developers to take control of their HTTPS-only sites. Zack concludes with an interactive demonstration of a Diffie-Hellman key exchange.

Zack Tollman

June 23, 2016
Tweet

More Decks by Zack Tollman

See All by Zack Tollman
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
68
Defining Fast: The Hardest Problem in Performance Engineering
tollmanz
0
95
ReWIRED: Moving WIRED.com from WordPress to Node
tollmanz
0
170
Put an "S" on it: Moving a Large Publishing Site to HTTPS
tollmanz
1
100
Building Custom User Experiences from the Edge
tollmanz
0
87
HTTPS Migrations: The Hard Parts
tollmanz
0
180
Understanding HTTPS and TLS
tollmanz
0
180
HTTPS Is Coming - WP SFO
tollmanz
0
89
The Many Challenges of Object Caching in WordPress
tollmanz
0
93

Other Decks in Technology

See All in Technology
論文紹介: Improving Implicit Feedback-Based Recommendation through Multi-Behavior Alignment(Xin Xin et al., 2023)
hakubishin3
0
170
dbt Coreとdbt-athenaによるAWS上のdbt環境構築ナレッジ
nayuts
0
210
新卒エンジニアでも技術的負債に向き合いたい!
smasato
1
1.8k
CloudNative_TrailMap_Study#2_20231114
tkhresk
1
110
Java Language Future
chiroito
4
1.3k
從心開始的純軟之路
line_developers_tw
PRO
0
1.1k
That One Script You Wrote is Now a Platform
bownie
0
100
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
1
220
AutoGenで作るLLM Agen
peisuke
1
290
Parsing case study in Go / Go Conference mini 2023 Winter IN KYOTO
k1low
2
100
提案段階のVS CodeのチャットエージェントAPIを動かしてみた
masa5555
0
110
EventStormingとRDRA2.0で大規模レガシーシステムのフルリニューアルPJに挑む
leveragestech
0
1.1k

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
240
20k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.5k
Web Components: a chance to create the future
zenorocha
304
41k
Infographics Made Easy
chrislema
236
17k
Building Adaptive Systems
keathley
29
1.6k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
130
9.8k
How GitHub (no longer) Works
holman
299
140k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
52
19k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.4k

Transcript

  1. HTTPS is Coming:

    Are You Prepared?
    Zack Tollman @tollmanz

    View Slide

  2. “I’ve got some stuff you
    might be interested in.”
    http://www.pbs.org/wgbh/frontline/article/how-edward-snowden-leaked-thousands-of-nsa-documents/

    View Slide

  3. “Pervasive monitoring

    is a technical attack”

    — IETF
    https://tools.ietf.org/html/rfc7258

    View Slide

  4. “Today we are announcing
    our intent to phase out
    non-secure HTTP”

    — Richard Barnes, Firefox Security Lead
    https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

    View Slide

  5. HTTP/2 is TLS only in
    Chrome, Firefox, Opera,
    IE/Edge, and Safari
    https://wiki.mozilla.org/Networking/http2

    View Slide

  6. “Let’s Encrypt is leaving
    beta today”
    https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

    View Slide

  7. Now Later
    Less

    HTTPS
    More

    HTTPS

    View Slide

  8. HTTPS knowledge is now
    essential

    View Slide

  9. We are bad at HTTPS

    View Slide

  10. 43% of sites are not secure
    https://www.trustworthyinternet.org/ssl-pulse/

    View Slide

  11. “industry-wide configuration

    problem with the
    deployment of DHE key
    exchange”

    — Huang, Adhikarla, Boneh, & Jackson (2014)

    http://www.w2spconf.com/2014/papers/TLS.pdf

    View Slide

  12. “misconfiguration errors

    are undermining the
    potential security”

    — Kranch & Bonneau (2015)
    http://www.internetsociety.org/sites/default/files/01_4_0.pdf

    View Slide

  13. Why?

    View Slide

  14. Unless you are a
    cryptographer, this

    stuff is hard

    View Slide

  15. Copying and pasting is
    easy

    View Slide

  16. Knowing what you are
    doing is hard

    View Slide

  17. TLS Basics

    View Slide

  18. Transport Layer

    Security

    View Slide

  19. SSL v2

    SSL v3

    TLS v1

    TLS v1.1

    TLS v1.2
    1995

    1996

    1999

    2006

    2008

    View Slide

  20. TCP

    Transport Layer Security

    HTTP

    View Slide

  21. Provides authentication,
    encryption, integrity,
    and key exchange

    View Slide

  22. Authentication

    View Slide

  23. Is the server the intended
    server?

    View Slide

  24. Integrity

    View Slide

  25. Is the message sent the
    message received?

    View Slide

  26. Encryption

    View Slide

  27. Converts plaintext to
    ciphertext

    View Slide

  28. i r y b p v g l

    View Slide

  29. i r y b p v g l
    v e l o c i t y

    View Slide

  30. A B C D E F
    N O P Q R S
    +13

    View Slide

  31. Letter + 13 = Cipher Letter

    View Slide

  32. Key is 13

    View Slide

  33. Key owners can encrypt
    and decrypt

    View Slide

  34. Key Exchange

    View Slide

  35. How do we establish an
    encryption key for 2
    unknown parties over an
    insecure connection?

    View Slide

  36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://
    commons.wikimedia.org/w/index.php?curid=47910919

    View Slide

  37. Diffie-Hellman-Merkle
    key exchange

    View Slide

  38. p = 23

    g = 5
    https://github.com/tollmanz/diffie-hellman-key-exchange-demo
    Demo

    View Slide

  39. If anything goes wrong,
    make a joke about bad
    wifi

    View Slide

  40. Compromise of any of
    these, compromises the
    whole system

    View Slide

  41. Cipher Suites

    View Slide

  42. Combination of
    algorithms for
    authentication,
    integrity, encryption,
    and key exchange

    View Slide

  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /path/to/public.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-
    SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-
    RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-
    SHA384…;
    ssl_prefer_server_ciphers on;
    https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

    View Slide

  44. ECDHE-RSA-AES128-GCM-SHA256

    View Slide

  45. ECDHE-RSA-AES128-GCM-SHA256
    Key Exchange

    View Slide

  46. ECDHE-RSA-AES128-GCM-SHA256
    Certificate signing
    algorithm (Authentication)

    View Slide

  47. ECDHE-RSA-AES128-GCM-SHA256
    Cipher (Encryption)

    View Slide

  48. ECDHE-RSA-AES128-GCM-SHA256
    Message authentication
    code (Integrity)

    View Slide

  49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  50. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  51. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
    GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-
    GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
    ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-
    SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-
    SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-
    AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-
    SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-
    SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!
    DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-
    RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    View Slide

  52. View Slide

  53. What?

    View Slide

  54. Use Mozilla’s guide

    https://wiki.mozilla.org/Security/Server_Side_TLS

    View Slide

  55. The Code Book

    Simon Singh
    High Performance Browser Networking (TLS
    Chapter)

    Ilya Grigorik
    Bulletproof SSL and TLS

    Ivan Ristic
    SSL and TLS: Designing and Building Secure
    Systems

    Eric Rescorla

    View Slide

  56. https://speakerdeck.com/
    tollmanz/https-is-coming-are-
    you-prepared-velocity-2016

    @tollmanz

    View Slide