Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Understanding HTTPS and TLS

Understanding HTTPS and TLS

Google, Firefox, and the IETF are currently engaged in major initiatives to convert the web to be secure by default. Page ranking, new browser APIs, and HTTP/2 are all pushing websites to require HTTPS. An HTTPS only web is imminent. Unfortunately, according to SSL Pulse, 75% of the top 1 million websites that use HTTPS are not actually secure because of misconfiguration. Do you know how to configure HTTPS properly? In my talk, I will discuss the key aspects of HTTPS to empower developers to deploy truly secure HTTPS sites.

Zack Tollman

April 23, 2016
Tweet

More Decks by Zack Tollman

Other Decks in Technology

Transcript

  1. Understanding
    HTTPS and TLS
    Zack Tollman @tollmanz

    View full-size slide

  2. “Pervasive monitoring is a
    technical attack that
    should be mitigated in the
    design of IETF protocols,
    where possible.”

    — IETF
    https://tools.ietf.org/html/rfc7258

    View full-size slide

  3. “Today we are
    announcing our intent to
    phase out non-secure
    HTTP”

    — Richard Barnes, Firefox Security Lead
    https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

    View full-size slide

  4. HTTP/2 is TLS only in
    Chrome, Firefox, Opera,
    IE/Edge, and Safari
    https://wiki.mozilla.org/Networking/http2

    View full-size slide

  5. Now Later
    Less

    HTTPS
    More

    HTTPS

    View full-size slide

  6. HTTPS knowledge is now
    essential

    View full-size slide

  7. We are bad at HTTPS

    View full-size slide

  8. 58% of sites are not secure
    https://www.trustworthyinternet.org/ssl-pulse/

    View full-size slide

  9. “misconfiguration errors

    are undermining the
    potential security”

    — Kranch & Bonneau (2015)
    http://www.internetsociety.org/sites/default/files/01_4_0.pdf

    View full-size slide

  10. “industry-wide configuration

    problem with the
    deployment of DHE key
    exchange”

    — Huang, Adhikarla, Boneh, & Jackson
    (2014)

    http://www.w2spconf.com/2014/papers/TLS.pdf

    View full-size slide

  11. Unless you are a
    cryptographer, this

    stuff is hard

    View full-size slide

  12. Copying and pasting is
    easy

    View full-size slide

  13. Knowing what you are
    doing is hard

    View full-size slide

  14. Transport Layer Security

    View full-size slide

  15. SSL v2

    SSL v3

    TLS v1

    TLS v1.1

    TLS v1.2
    1995

    1996

    1999

    2006

    2008

    View full-size slide

  16. TCP

    Transport Layer Security

    HTTP

    View full-size slide

  17. Provides authentication,
    encryption, integrity, and
    key exchange

    View full-size slide

  18. Authentication

    View full-size slide

  19. Is the server the intended
    server?

    View full-size slide

  20. Is the message received
    the message sent?

    View full-size slide

  21. Converts plaintext to
    ciphertext

    View full-size slide

  22. j b e q c e r f f

    View full-size slide

  23. j b e q c e r f f
    w o r d p r e s s

    View full-size slide

  24. A B C D E F
    N O P Q R S
    +13

    View full-size slide

  25. Letter + 13 = Cipher Letter

    View full-size slide

  26. Substitution Cipher

    Caesar Cipher

    View full-size slide

  27. Key owners can encrypt
    and decrypt

    View full-size slide

  28. Key Exchange

    View full-size slide

  29. How do we establish an
    encryption key for 2
    unknown parties over an
    insecure connection?

    View full-size slide

  30. By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci",
    CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919

    View full-size slide

  31. Diffie-Hellman-Merkle
    key exchange

    View full-size slide

  32. p = 23

    g = 5
    https://github.com/tollmanz/diffie-hellman-key-exchange-demo
    Demo

    View full-size slide

  33. If anything goes wrong,
    make a joke about bad
    wifi

    View full-size slide

  34. Compromise of any of
    these, compromises the
    whole system

    View full-size slide

  35. Cipher Suites

    View full-size slide

  36. Combination of
    algorithms for
    authentication, integrity,
    encryption, and key
    exchange

    View full-size slide

  37. ssl_protocols TLSv1 TLSv1.1
    TLSv1.2;
    ssl_certificate /path/to/public.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-
    SHA256:ECDHE-ECDSA-AES128-GCM-
    SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
    ECDSA-AES256-GCM-SHA384…;
    ssl_prefer_server_ciphers on;
    https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

    View full-size slide

  38. ECDHE-RSA-AES128-GCM-SHA256

    View full-size slide

  39. ECDHE-RSA-AES128-GCM-SHA256
    Key Exchange

    View full-size slide

  40. ECDHE-RSA-AES128-GCM-SHA256
    Certificate signing
    algorithm
    (Authentication)

    View full-size slide

  41. ECDHE-RSA-AES128-GCM-SHA256
    Cipher (Encryption)

    View full-size slide

  42. ECDHE-RSA-AES128-GCM-SHA256
    Message authentication
    code (Integrity)

    View full-size slide

  43. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-
    GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
    ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-
    SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH
    +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
    AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-
    AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-
    AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-
    SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-
    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
    SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-
    SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
    EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
    CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-
    SHA

    View full-size slide

  44. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-
    GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
    ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-
    SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH
    +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
    AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-
    AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-
    AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-
    SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-
    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
    SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-
    SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
    EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
    CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-
    SHA

    View full-size slide

  45. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-
    GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
    ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-
    SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH
    +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
    AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-
    AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-
    AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-
    AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-
    SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-
    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-
    SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-
    SHA256:AES256-SHA256:AES128-SHA:AES256-
    SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
    EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-
    CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-
    SHA

    View full-size slide

  46. Use Mozilla’s guide

    https://wiki.mozilla.org/Security/Server_Side_TLS

    View full-size slide

  47. The Code Book

    Simon Singh
    High Performance Browser
    Networking (TLS Chapter)

    Ilya Grigorik
    Bulletproof SSL and TLS

    Ivan Ristic
    SSL and TLS: Designing and Building
    Secure Systems

    Eric Rescorla

    View full-size slide

  48. https://speakerdeck.com/
    tollmanz/understanding-
    https-and-tls

    @tollmanz

    View full-size slide