Understanding HTTPS and TLS

Google, Firefox, and the IETF are currently engaged in major initiatives to convert the web to be secure by default. Page ranking, new browser APIs, and HTTP/2 are all pushing websites to require HTTPS. An HTTPS-only web is imminent. Unfortunately, according to SSL Pulse, 75% of the top 1 million websites that use HTTPS are not actually secure because of misconfiguration. Do you know how to configure HTTPS properly? In my talk, I will discuss the key aspects of HTTPS to empower developers to deploy truly secure HTTPS sites.

Zack Tollman

April 23, 2016

Transcript

  1. Understanding HTTPS and TLS Zack Tollman @tollmanz

  2. None
  3. “Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.” — IETF https://tools.ietf.org/html/rfc7258

  4. “Today we are announcing our intent to phase out non-secure HTTP” — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

  5. HTTP/2 is TLS only in Chrome, Firefox, Opera, IE/Edge, and Safari https://wiki.mozilla.org/Networking/http2

  6. Now Later Less HTTPS More HTTPS

  7. HTTPS knowledge is now essential

  8. We are bad at HTTPS

  9. 58% of sites are not secure https://www.trustworthyinternet.org/ssl-pulse/

  10. “misconfiguration errors are undermining the potential security” — Kranch & Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

  11. “industry-wide configuration problem with the deployment of DHE key exchange” — Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

  12. Why?

  13. Unless you are a cryptographer, this stuff is hard

  14. Copying and pasting is easy

  15. Knowing what you are doing is hard

  16. TLS Basics

  17. Transport Layer Security

  18. SSL v2 (1995), SSL v3 (1996), TLS v1 (1999), TLS v1.1 (2006), TLS v1.2 (2008)

  19. TCP Transport Layer Security HTTP

  20. Provides authentication, encryption, integrity, and key exchange

  21. Authentication

  22. Is the server the intended server?

  23. Integrity

  24. Is the message received the message sent?

  25. Encryption

  26. Converts plaintext to ciphertext

  27. j b e q c e r f f

  28. j b e q c e r f f / w o r d p r e s s

  29. A B C D E F (+13) N O P Q R S

  30. Letter + 13 = Cipher Letter

  31. Substitution Cipher Caesar Cipher

  32. Key is 13

  33. Key owners can encrypt and decrypt

  34. Key Exchange

  35. How do we establish an encryption key for 2 unknown parties over an insecure connection?

  36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919

  37. Diffie-Hellman-Merkle key exchange

  38. Demo: p = 23, g = 5 https://github.com/tollmanz/diffie-hellman-key-exchange-demo

  39. If anything goes wrong, make a joke about bad wifi

  40. Compromise of any of these compromises the whole system

  41. Cipher Suites

  42. Combination of algorithms for authentication, integrity, encryption, and key exchange

  43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384…; ssl_prefer_server_ciphers on; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

  44. ECDHE-RSA-AES128-GCM-SHA256

  45. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

  46. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (Authentication)

  47. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

  48. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (Integrity)

  49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  52. None
  53. None
  54. What?

  55. Use Mozilla’s guide https://wiki.mozilla.org/Security/Server_Side_TLS

  56. The Code Book (Simon Singh); High Performance Browser Networking, TLS Chapter (Ilya Grigorik); Bulletproof SSL and TLS (Ivan Ristic); SSL and TLS: Designing and Building Secure Systems (Eric Rescorla)

  57. https://speakerdeck.com/tollmanz/understanding-https-and-tls @tollmanz
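
The key exchange from slides 35-38, as an added example that is not part of the talk or of the linked demo repository. It uses the slide's p = 23 and g = 5; the private exponents 6 and 15 are constructed, and the exhaustive search shows why a group this small protects nothing.

```python
P, G = 23, 5  # toy public parameters from slide 38; deployed groups are 2048+ bits


def public_value(private, p=P, g=G):
    """Value each side sends in the clear: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """Combine the peer's public value with our own private exponent."""
    # Reject degenerate values (0, 1, p-1) that force a predictable secret.
    if not 2 <= their_public <= p - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(their_public, my_private, p)


def exhaustive_search(public, p=P, g=G):
    """Find x with g^x = public (mod p) by trying every exponent.

    Only feasible because p is tiny; the cost grows with the group size,
    which is why weak DHE parameters are a configuration problem.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("no exponent found")


def demo(a=6, b=15):
    """One exchange with constructed private exponents a and b."""
    A, B = public_value(a), public_value(b)   # the only values on the wire
    return A, B, shared_secret(B, a), shared_secret(A, b)


if __name__ == "__main__":
    A, B, k_alice, k_bob = demo()
    print(f"on the wire: p={P} g={G} A={A} B={B}")
    print(f"alice derives {k_alice}, bob derives {k_bob}")
    print(f"observer recovers a={exhaustive_search(A)} from A alone")
```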
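
The decomposition shown on slides 44-48, applied to a whole cipher list like the one on slide 49 (added example, not code from the talk). The helper names and the SAMPLE string are constructed here; the naming rules are those of OpenSSL suite names, where a missing key-exchange prefix means RSA key exchange.

```python
KX = {"ECDHE", "DHE", "EDH", "KRB5"}        # explicit key-exchange prefixes
AUTH = {"RSA", "ECDSA", "DSS"}              # certificate signature algorithms
HASHES = {"SHA", "SHA256", "SHA384", "MD5"}
FORWARD_SECRET = {"ECDHE", "DHE", "EDH"}    # ephemeral Diffie-Hellman variants


def classify(token):
    """Return 'exclude', 'suite' or 'selector' for one cipher-list token."""
    if token.startswith("!"):
        return "exclude"
    parts = token.split("-")
    if len(parts) > 1 and "+" not in token and parts[-1] in HASHES:
        return "suite"
    return "selector"   # keywords such as AES, CAMELLIA, kEDH+AESGCM


def decompose(name):
    """Split an OpenSSL suite name into the four roles from slides 45-48."""
    parts = name.split("-")
    kx = parts.pop(0) if parts[0] in KX else "RSA"   # RSA key exchange is implicit
    if parts[0] in AUTH:
        auth = parts.pop(0)
    else:
        auth = kx if kx in ("RSA", "KRB5") else "unknown"
    digest = parts.pop()
    # In GCM suites the trailing hash is the handshake PRF hash; record
    # integrity comes from the AEAD mode itself, not from an HMAC.
    integrity = "AEAD (GCM)" if "GCM" in parts else "HMAC-" + digest
    return {"name": name, "key_exchange": kx, "authentication": auth,
            "encryption": "-".join(parts), "integrity": integrity,
            "forward_secrecy": kx in FORWARD_SECRET}


def audit(cipher_list):
    """Decompose every concrete suite in a colon-separated cipher list."""
    tokens = [t.strip() for t in cipher_list.split(":") if t.strip()]
    return [decompose(t) for t in tokens if classify(t) == "suite"]


# Constructed sample: a subset of the list on slide 49, in the same order.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
          "ECDHE-ECDSA-AES256-SHA384:AES128-GCM-SHA256:AES:DES-CBC3-SHA:"
          "!aNULL:!EDH-RSA-DES-CBC3-SHA")

if __name__ == "__main__":
    for suite in audit(SAMPLE):
        print(suite)
```

Suites reported with forward_secrecy set to False use RSA key exchange, so a later compromise of the server's private key exposes recorded sessions.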