
The first few milliseconds of HTTPS

Joshua Thijssen
October 03, 2014

Transcript

  4. ➡ What’s happening in the first 200+ milliseconds of an initial HTTPS connection.
    ➡ Give tips and hints on hardening your setup.
    ➡ Give you insights into new and upcoming technologies.
    ➡ Show you things you (probably) didn’t know.
  5. Unknown fact! This talk is inspired by a blog post by Jeff Moser:
    http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
  9. Then → now:
    ➡ 1994: SSL 1.0 (vaporware)
    ➡ Feb 1995: SSL 2.0 (not-so-secure-socket-layer)
    ➡ Jun 1996: SSL 3.0 (something stable!)
    ➡ Jan 1999: TLS 1.0 (SSL 3.1)
    ➡ Apr 2006: TLS 1.1
    ➡ Aug 2008: TLS 1.2
  10. https://www.trustworthyinternet.org/ssl-pulse/

      | Protocol | November 2013 | Aug 2014 |
      |----------|---------------|----------|
      | SSL 2.0  | 25,7%         | 20,5%    |
      | SSL 3.0  | 99,6%         | 98,5%    |
      | TLS 1.0  | 99,3%         | 99,3%    |
      | TLS 1.1  | 18,2%         | 38,4%    |
      | TLS 1.2  | 20,7%         | 40,8%    |
  11. ➡ Handshake protocol records: setup communication
    ➡ Change Cipher Spec protocol records: change communication
    ➡ Alert protocol records: errors
    ➡ Application Data protocol records: actual data transfers
  17. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    ➡ ECDHE: cipher for exchanging key information
    ➡ ECDSA: cipher for authenticating key information
    ➡ AES_128_GCM: actual cipher (and length) used for communication
    ➡ SHA256: hash algo for message authentication
  18. https://cipherli.st

      Apache:

      ```apache
      SSLCipherSuite AES256+EECDH:AES256+EDH
      SSLProtocol All -SSLv2 -SSLv3
      # Requires Apache >= 2.4
      SSLCompression off
      SSLHonorCipherOrder On
      # Requires Apache >= 2.4
      SSLUseStapling on
      # Requires Apache >= 2.4
      SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
      Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
      Header always set X-Frame-Options DENY
      ```

      nginx:

      ```nginx
      ssl_ciphers 'AES256+EECDH:AES256+EDH';
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_session_cache builtin:1000 shared:SSL:10m;
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
      add_header X-Frame-Options DENY;
      ssl_stapling on; # Requires nginx >= 1.3.7
      ssl_stapling_verify on; # Requires nginx >= 1.3.7
      resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
      resolver_timeout 5s;
      ```

  25. ➡ SNI (Server Name Indication)
    ➡ Extension 0x0000
    ➡ Pretty much every decent browser / server.
    ➡ IE6, Win XP, Blackberry, Android 2.x, Java 1.6.x
    ➡ So no worries!

  28. What an SSL certificate is NOT:
    ➡ SSL certificate (but an X.509 certificate)
    ➡ Automatically secure
    ➡ Automatically trustworthy
    ➡ In any way better than self-signed certificates
    ➡ Cheap
  29. What an SSL certificate is:
    ➡ The best way (but not perfect) to prove authenticity
    ➡ A way to bootstrap encrypted communication
    ➡ Misleading
    ➡ (Too) Expensive
  32. ➡ X.509 Certificate
    ➡ Owner info (who is this owner)
    ➡ Domain info (for which domain(s) is this certificate valid)
    ➡ Expiry info (from when to when is this certificate valid)
  33. ➡ (Root) Certificate Authorities
    ➡ They are built into your browser / OS and you will automatically trust them.
  36. ➡ X.509 certificates are used to authenticate the server.
    ➡ Servers can ask clients to authenticate themselves as well.
    ➡ APIs
  41. Generating secrets:
    ➡ pre master secret + server rand + client rand → master secret
    ➡ master secret + server rand + client rand → key buffer
    ➡ key buffer → client MAC, client KEY, client IV, server MAC, server KEY, server IV

  46. Unknown fact! Wireshark CAN decrypt your HTTPS traffic: SSLKEYLOGFILE
    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415

  48. ➡ TLS has overhead in computation and transfers. But definitely worth it.
    ➡ Google likes it.
    ➡ Some ciphersuites are better, but slower.
    ➡ Speed / Security compromise
    ➡ (try: “openssl speed”)

  53. Find me on twitter: @jaytaph
    Find me for development and training: www.noxlogic.nl
    Find me on email: [email protected]
    Find me for blogs: www.adayinthelifeof.nl
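
The cipher suite slide (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) splits one name into its parts; the added example below, which is not from the original deck, does the same split for any TLS 1.2 name of the form TLS_<kx>[_<auth>]_WITH_<cipher>_<hash> and flags suites without forward secrecy or AEAD. The function names and the finding strings are assumptions made for this example.

```python
import re

FORWARD_SECRET_KX = {"ECDHE", "DHE"}  # ephemeral Diffie-Hellman key exchanges
AEAD_MODES = ("GCM", "CCM", "CHACHA20_POLY1305")
SUITE_RE = re.compile(
    r"TLS_(?P<kx_auth>[A-Za-z0-9_]+?)_WITH_(?P<cipher>.+)_(?P<hash>[A-Z0-9]+)")

def parse_suite(name: str) -> dict:
    """Split a TLS 1.2 suite name into the parts labelled on the slide."""
    m = SUITE_RE.fullmatch(name)
    if m is None:  # e.g. TLS 1.3 names, which carry no key exchange part
        raise ValueError(f"not a TLS_<kx>[_<auth>]_WITH_<cipher>_<hash> name: {name!r}")
    kx, _, auth = m["kx_auth"].partition("_")
    cipher = m["cipher"]
    return {
        "kx": kx,                 # cipher for exchanging key information
        "auth": auth or kx,       # TLS_RSA_WITH_...: RSA does both jobs
        "cipher": cipher,         # actual cipher (and length) for communication
        "hash": m["hash"],        # record HMAC hash, or PRF hash for AEAD suites
        "forward_secrecy": kx in FORWARD_SECRET_KX,
        "aead": any(mode in cipher for mode in AEAD_MODES),
    }

def findings(name: str) -> list:
    """Return hardening findings for one suite name (empty list means none)."""
    suite = parse_suite(name)
    out = []
    if not suite["forward_secrecy"]:
        out.append("no forward secrecy")
    if not suite["aead"]:
        out.append(f"record integrity via HMAC-{suite['hash']}, not AEAD")
    if suite["auth"] == "anon":
        out.append("unauthenticated key exchange")
    return out

# Constructed input: a list of standard suite names to audit.
SAMPLE_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for suite_name in SAMPLE_SUITES:
        print(suite_name, findings(suite_name) or "ok")
```

In GCM suites such as the one on the slide, record integrity comes from the AEAD tag and the trailing SHA256 selects the PRF hash; only in CBC suites does the trailing hash name the record HMAC.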