Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The first few milliseconds of HTTPS - PHPNW16

The first few milliseconds of HTTPS - PHPNW16

Joshua Thijssen

October 01, 2016
Tweet

More Decks by Joshua Thijssen

Other Decks in Technology

Transcript

  1. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! SSL 1.0 Vaporware 1994 5
  2. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 SSL 1.0 Vaporware 1994 5
  3. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 SSL 1.0 Vaporware 1994 5
  4. then now feb 1995 SSL 2.0 Not-so-secure-socket-layer jun 1996 SSL

    3.0 Something stable! jan 1999 TLS 1.0 SSL 3.1 apr 2006 TLS 1.1 TLS 1.2 aug 2008 SSL 1.0 Vaporware 1994 5
  5. https://www.trustworthyinternet.org/ssl-pulse/ 25,7% 99,6% 99,3% 18,2% 20,7% SSL 2.0 SSL 3.0

    TLS 1.0 TLS 1.1 TLS 1.2 6 November 2013 6,9% 21,4% 96,2% 77,6% 80,0% SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 September 2016
  6. 7

  7. ➡ Authenticate and exchange information. ➡ Exchange a key (through

    a public key system). ➡ Create "tunnel" with symmetric encryption (both sides use the same exchanged key). 9
  8. 12

  9. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    Cipher for authenticating key information Actual cipher (and length) used for communication 14
  10. TLS ECDHE_ECDSA WITH AES_128_GCM SHA256 Cipher for exchanging key information

    Cipher for authenticating key information Hash algo for message authenticating Actual cipher (and length) used for communication 14
  11. 21

  12. 22

  13. 23 ➡ SNI (Server Name Indication) ➡ Extension 0x0000 ➡

    Pretty much every decent browser / server / os ➡ Except: IE6, Win XP, Blackberry, Android 2.x, java 1.6.x
  14. 24

  15. What an SSL certificate is NOT: 25 ➡ SSL certificate

    (but a X.509 certificate) ➡ Automatically secure ➡ Automatically trustworthy ➡ In any way better self-signed certificates ➡ Cheap
  16. What an SSL certificate is: 26 ➡ The best way

    (but not perfect) to prove authenticity ➡ A way to bootstrap encrypted communication ➡ Misleading ➡ (Too) Expensive
  17. Certificate: Data: Version: 3 (0x2) Serial Number: 0c:00:93:10:d2:06:db:e3:37:55:35:80:11:8d:dc:87 Signature Algorithm:

    sha256WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA Validity Not Before: Apr 8 00:00:00 2014 GMT Not After : Apr 12 12:00:00 2016 GMT Subject: ... C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d4:dc:3c:af:fd:f3:4e:ed:c1:67:ad:e6:cb: 22:e8:b7:e2:ab:28:f2:f7:dc:62:70:08:d1:0c:af: ....... 67:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:github.com, DNS:www.github.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption 6f:e7:6d:cb:82:f3:ef:90:87:09:d7:0f:15:22:2c:8c:fe:d3: ab:1c:8a:96:db:5d:12:5d:d1:78:c0:31:b0:ff:45:c8:89:f7: 08:98:52:17:1f:4c:4b:20:64:6a:6d:db:50:d7:10:be:7e:ab: ...... ee:b7:33:69 27
  18. ➡ (Root) Certificate Authorities ➡ They are built into your

    browser / OS and you will automatically trust them. 30
  19. 32

  20. 32 ➡ X.509 certificates are used to authenticate the server.

    ➡ Servers can ask clients to authenticate themselves as well.
  21. 32 ➡ X.509 certificates are used to authenticate the server.

    ➡ Servers can ask clients to authenticate themselves as well. ➡ APIs
  22. ➡ Client generates random key (pre-shared key). ➡ Client encrypts

    key with public key from server SSL certificate. ➡ Client sends encrypted key to server. ➡ Server decrypts key. 34 RSA
  23. ➡ Server generates key pair ➡ Server sends public key

    to client, with signature to prove authenticity (pub key from SSL certificate) ➡ Client generates key pair ➡ Client sends public key to server ➡ Both server and client calculate "secret". 35 (Elliptic curve) Diffie-Hellman (ephemeral)
  24. 36

  25. 37 pre master secret server rand client rand master secret

    master secret server rand client rand Generating secrets: + + + +
  26. 37 pre master secret server rand client rand master secret

    master secret server rand client rand key buffer Generating secrets: + + + +
  27. 37 pre master secret server rand client rand master secret

    client MAC client KEY client IV server MAC server KEY server IV master secret server rand client rand key buffer Generating secrets: + + + +
  28. 39

  29. 40

  30. 41

  31. 42 Wireshark CAN decrypt your HTTPS traffic Unknown fact! SSLKEYLOGFILE

    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
  32. ➡ TLS has overhead in computation and transfers. But definitely

    worth it. ➡ Google likes it. ➡ Some cipher suites are better, but slower. ➡ Speed / Security compromise ➡ (try: “openssl speed”) 45
  33. 48 ➡ Still in draft ➡ 1-RTT (initial 0-RTT) for

    handshakes ➡ Dropped insecure features
  34. 51 Find me on twitter: @jaytaph Find me for development

    and training: www.noxlogic.nl Find me on email: [email protected] Find me for blogs: www.adayinthelifeof.nl