Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The first few milliseconds of HTTPS - PHPNW16
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Joshua Thijssen
October 01, 2016
Technology
300
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
The first few milliseconds of HTTPS - PHPNW16
Joshua Thijssen
October 01, 2016
More Decks by Joshua Thijssen
See All by Joshua Thijssen
RAFT: A story on how clusters of computers keep your data in sync
jaytaph
0
76
The first few milliseconds of HTTPS
jaytaph
0
300
Paradoxes and theorems every developer should know
jaytaph
0
350
Paradoxes and theorems every developer should know
jaytaph
0
790
compiler_-_php010.pdf
jaytaph
0
160
Paradoxes and theorems every developer should know
jaytaph
0
300
Introduction into interpreters, compilers and JIT
jaytaph
1
380
Paradoxes and theorems every developer should know
jaytaph
1
980
Are you out of memory, or have plenty to spare?
jaytaph
0
270
Other Decks in Technology
See All in Technology
キャリアの中で本を作る / Making a Book During Your Career
ak1210
0
130
人を動かすのは時間ではなく、納得感 〜新任EMが入社3ヶ月、組織を2回変えた話〜
kakehashi
PRO
3
220
脱金融のフューチャー・デザイン / Future Design Beyond Finance
ks91
PRO
0
150
Terraform共通モジュールをチーム横断で“変えられる”運用へ ― リリースと適用の分離
kekke_n
1
2.8k
AI時代の開発生産性は、個人技からチーム設計へ
moongift
PRO
2
190
誤解だらけの開発生産性 / Myths and Misconceptions about Developer Productivity
i35_267
1
240
タスクの複雑さでモデルを選ぶ ── Thompson Samplingで動かす“トークン/コスト最適化
satohy0323
0
280
インフラと開発の垣根を超えていき!〜元AWSインフラエンジニアがAWS開発で奮闘している話〜
hatahata021
1
160
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
410
ヘルスケア領域における AI 活用と その安全性担保のための取り組み (Leveraging AI in Healthcare and Our Efforts to Ensure Its Safety) - Google I/O Extended Tokyo 2026, July 11, 2026
zettaittenani
0
270
SRE Next 2026 何でも屋からの脱却
bto
0
630
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
110k
Featured
See All Featured
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
330
[SF Ruby Conf 2025] Rails X
palkan
2
1.2k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
The Cost Of JavaScript in 2023
addyosmani
55
10k
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
1
260
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
500
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
260
Speed Design
sergeychernyshev
33
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
3
180
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
280
Transcript
The first few milliseconds of HTTPS 1 Joshua Thijssen JayTaph
HTTPS == HTTP on top of TLS 2
Transport Layer Security (TLS) 3
Secure Socket Layer (SSL) 4 A short and scary history
then now 5
then now SSL 1.0 Vaporware 1994 5
then now feb 1995 SSL 2.0 Not-so-secure-socket-layer SSL 1.0 Vaporware
1994 5
then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL
3.0 Something stable! SSL 1.0 Vaporware 1994 5
then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL
3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 SSL 1.0 Vaporware 1994 5
then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL
3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 SSL 1.0 Vaporware 1994 5
then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL
3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 5
https://www.trustworthyinternet.org/ssl-pulse/ 25,7% 99,6% 99,3% 18,2% 20,7% SSL 2.0 SSL 3.0
TLS 1.0 TLS 1.1 TLS 1.2 6 November 2013
https://www.trustworthyinternet.org/ssl-pulse/ 25,7% 99,6% 99,3% 18,2% 20,7% SSL 2.0 SSL 3.0
TLS 1.0 TLS 1.1 TLS 1.2 6 November 2013 6,9% 21,4% 96,2% 77,6% 80,0% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 September 2016
7
RFC 5246 (TLS v1.2) 8
➡ Authenticate and exchange information. ➡ Exchange a key (through
a public key system). ➡ Create "tunnel" with symmetric encryption (both sides use the same exchanged key). 9
10 https://github.com/vincentbernat/rfc5077/blob/master/ssl-handshake.svg
Attention: (live) wiresharking up ahead 11
12
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 13
TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 14
TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information
14
TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information
Cipher for authenticating key information 14
TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information
Cipher for authenticating key information Actual cipher (and length) used for communication 14
TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information
Cipher for authenticating key information Hash algo for message authenticating Actual cipher (and length) used for communication 14
TLS_RSA_WITH_AES_256_CBC_SHA256 15
TLS_NULL_WITH_NULL_NULL 16
Client gives cipher options, Server ultimately decides on cipher! 17
THIS IS WHY YOU SHOULD ALWAYS CONFIGURE YOUR CIPHERS ON
YOUR WEB SERVER! 18 Unknown fact!
19 https://cipherli.st Gives you strong cipher configuration webservers (apache,nginx etc)
and other software.
https://www.ssllabs.com/ssltest/ 20
21
22
23 ➡ SNI (Server Name Indication) ➡ Extension 0x0000 ➡
Pretty much every decent browser / server / os ➡ Except: IE6, Win XP, Blackberry, Android 2.x, java 1.6.x
24
What an SSL certificate is NOT: 25 ➡ SSL certificate
(but a X.509 certificate) ➡ Automatically secure ➡ Automatically trustworthy ➡ In any way better self-signed certificates ➡ Cheap
What an SSL certificate is: 26 ➡ The best way
(but not perfect) to prove authenticity ➡ A way to bootstrap encrypted communication ➡ Misleading ➡ (Too) Expensive
Certificate: Data: Version: 3 (0x2) Serial Number: 0c:00:93:10:d2:06:db:e3:37:55:35:80:11:8d:dc:87 Signature Algorithm:
sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA Validity Not Before: Apr 8 00:00:00 2014 GMT Not After : Apr 12 12:00:00 2016 GMT Subject: ... C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d4:dc:3c:af:fd:f3:4e:ed:c1:67:ad:e6:cb: 22:e8:b7:e2:ab:28:f2:f7:dc:62:70:08:d1:0c:af: ....... 67:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:github.com, DNS:www.github.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption 6f:e7:6d:cb:82:f3:ef:90:87:09:d7:0f:15:22:2c:8c:fe:d3: ab:1c:8a:96:db:5d:12:5d:d1:78:c0:31:b0:ff:45:c8:89:f7: 08:98:52:17:1f:4c:4b:20:64:6a:6d:db:50:d7:10:be:7e:ab: ...... ee:b7:33:69 27
28 yourdomain.com
28 yourdomain.com Intermediate CA
28 yourdomain.com Intermediate CA
28 yourdomain.com Root CA Intermediate CA
28 yourdomain.com Root CA Intermediate CA
28 yourdomain.com Root CA Intermediate CA
29 IMPLIED TRU$T
➡ (Root) Certificate Authorities ➡ They are built into your
browser / OS and you will automatically trust them. 30
31 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |
sort | uniq | wc -l
31 wget http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -O - -q | grep Issuer |
sort | uniq | wc -l 176 And rising...
32
32 ➡ X.509 certificates are used to authenticate the server.
32 ➡ X.509 certificates are used to authenticate the server.
➡ Servers can ask clients to authenticate themselves as well.
32 ➡ X.509 certificates are used to authenticate the server.
➡ Servers can ask clients to authenticate themselves as well. ➡ APIs
Sending over our initial secret data 33
➡ Client generates random key (pre-shared key). ➡ Client encrypts
key with public key from server SSL certificate. ➡ Client sends encrypted key to server. ➡ Server decrypts key. 34 RSA
➡ Server generates key pair ➡ Server sends public key
to client, with signature to prove authenticity (pub key from SSL certificate) ➡ Client generates key pair ➡ Client sends public key to server ➡ Both server and client calculate "secret". 35 (Elliptic curve) Diffie-Hellman (ephemeral)
36
37 Generating secrets:
37 pre master secret Generating secrets:
37 pre master secret server rand client rand Generating secrets:
+ +
37 pre master secret server rand client rand master secret
Generating secrets: + +
37 pre master secret server rand client rand master secret
master secret server rand client rand Generating secrets: + + + +
37 pre master secret server rand client rand master secret
master secret server rand client rand key buffer Generating secrets: + + + +
37 pre master secret server rand client rand master secret
client MAC client KEY client IV server MAC server KEY server IV master secret server rand client rand key buffer Generating secrets: + + + +
https://github.com/jaytaph/TLS-decoder 38 http://www.adayinthelifeof.nl/2013/12/30/decoding-tls-with-php/ Try it yourself, php style:
39
40
41
42 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
43 launchctl setenv SSLKEYLOGFILE /tmp/keylog.secret on a mac:
-ETOOMUCHINFO 44
➡ TLS has overhead in computation and transfers. But definitely
worth it. ➡ Google likes it. ➡ Some cipher suites are better, but slower. ➡ Speed / Security compromise ➡ (try: “openssl speed”) 45
https://tools.ietf.org/html/rfc7457 46 Summarizing Known Attacks on Transport Layer Security (TLS)
and Datagram TLS (DTLS)
TLS 1.3 47
48 ➡ Still in draft ➡ 1-RTT (initial 0-RTT) for
handshakes ➡ Dropped insecure features
49 https://www.ssllabs.com/projects/best-practices/index.html
http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg 50
51 Find me on twitter: @jaytaph Find me for development
and training: www.noxlogic.nl Find me on email:
[email protected]
Find me for blogs: www.adayinthelifeof.nl