Embed Size (px)
ROME 18-19 MARCH 2016
Let's Go ! HTTPSSimone Carle4
! HTTPS
! HTTPS
I About HTTPS
II Obtaining an SSL cer?ficate
III Deploying an SSL cer?ficate
IV Serving HTTPS
IV
III
II
I
Simone Carle4@weppos
About HTTPS
I
IV
III
II
I
What is HTTPS?
IV
III
II
I
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communica?on over a computer network which is widely used on the Internet. HTTPS consists of communica?on over Hypertext Transfer Protocol (HTTP) within a connec?on encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. hTps://en.wikipedia.org/wiki/HTTPS
IV
III
II
I
What is HTTPS?HTTPS is a secure HTTP connec?on.
IV
III
II
I
HTTPS is HTTP over an encrypted connec?on secured by TLS (previously SSL).
IV
III
II
I
HTTPS is how websites securely exchange informa?on.
IV
III
II
I
Secure Connec@on
Encryp@on The process of encoding messages or informa?on in such a way that only authorized par?es can read it.
Authen@ca@on The process of determining whether someone or something is, in fact, who or what it is declared to be.
IV
III
II
I
KEEP CALM AND
HTTP IS NOT ENCRYPTED
HTTP ResponseHTTP Request
! HTTPS RequestHTTP Request
Authen@ca@on
Authen@ca@on
Authen@ca@on
Authen@ca@on
SSL Cer@ficate
IV
III
II
I
Why HTTPS?
IV
III
II
I
Why HTTPS?
! Security
! Ranking factor
! HTTP/2
! HTML 5 features
! Chrome Geo loca?on
! Firefox form + HTTPSIV
III
II
I
! Security
• Data integrity
• User sensible informa?on
• Unencrypted traffic can be:
• sniffed
• modified (e.g. adver?sement or script injec?on)
! Ranking factorhTps://webmasters.googleblog.com/2014/08/hTps-as-ranking-signal.html
! HTTP/2hTps://webmasters.googleblog.com/2014/08/hTps-as-ranking-signal.html
! HTML 5 powerful featureshTps://blog.mozilla.org/security/2015/04/30/depreca?ng-non-secure-hTp/
hTps://sites.google.com/a/chromium.org/dev/Home/chromium-security/depreca?ng-powerful-features-on-insecure-origins
! Chrome Geo locationhTps://codereview.chromium.org/1530403002/
! Firefox form + HTTPShTps://www.fxsitecompat.com/en-CA/docs/2015/non-hTps-sites-containing-login-form-will-be-marked-insecure/
" SSL Cer@ficateA cer?ficate is a digital document that contains a public key, some informa?on about the en?ty associated with it, and a digital signature from the cer?ficate issuer.
IV
III
II
I
x.509 SSL Cer@ficate
# Version $ Serial Number % Issuer & Validity ' Subject ( Public Key
"
) Extensions
IV
III
II
I
Cer@ficate Types! Single-name cer?ficate example.com
! Wildcard-name cer?ficate *.example.com
! SAN cer?ficate example.com, www.example.com, foobar.com, …
IV
III
II
I
Symmetric vs Asymmetric
*!(
encrypt
(
decrypt
Shared secret key(
+John
+Jane
*!
Jane public key
Jane private key
(
(
+John
+Jane
(
decrypt
(
encrypt
encryp@on
IV
III
II
I
Symmetric encryp@on
"hello world!" "puggy eyxgr!"
"hello world!""puggy eyxgr!"
[["a", "b"],
["b", "w"],
["c", "n"],
["d", "r"],
["e", "u"],
["f", "o"],
["g", "v"],
["h", "p"],
["i", "s"],
["j", "z"],
["k", "k"],
["l", "g"],
["m", "m"],
["n", "h"],
["o", "y"],
["p", "c"],
["q", "j"],
["r", "x"],
["s", "d"],
["t", "t"],
["u", "f"],
["v", "i"],
["w", "e"],
["x", "l"],
["y", "a"],
["z", "q"]]
John encrypts John sends to Jane
Jane receives from John Jane decrypts
IV
III
II
I
How does HTTPS work?
IV
III
II
I
It's not a one-click setup :(yet
IV
III
II
I
Handshake, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
ClientHello
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
1 Client key exchange dataClientKeyExchange
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
1 Client key exchange dataClientKeyExchange
SYMMETRIC KEY IS GENERATED
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
1 Client key exchange data
! Client switches to encryp?on
! MAC of handshake
ClientKeyExchange
ChangeCipherSpec, Finished
SYMMETRIC KEY IS GENERATED
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
1 Client key exchange data
! Client switches to encryp?on
! MAC of handshake
ClientKeyExchange
ChangeCipherSpec, Finished
! Server switches to encryp?on
! MAC of handshake
ChangeCipherSpec, Finished
SYMMETRIC KEY IS GENERATED
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
HandshakeSYN SYN ACK
. Client Random
( Cipher suites
/ Server Random
( Cipher suite
" Cer?ficates
0 Session ID
1 Server key exchange data
ClientHello
ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone
1 Client key exchange data
! Client switches to encryp?on
! MAC of handshake
ClientKeyExchange
ChangeCipherSpec, Finished
! Server switches to encryp?on
! MAC of handshake
ChangeCipherSpec, Finished
SYMMETRIC KEY IS GENERATED
2 Applica?on data2 Applica?on data
, -
DISCLAIMER: This schema is simplified on purpose.
IV
III
II
I
Cipher Suites
A cipher suite is a selec?on of cryptographic primi?ves and other parameters that defines exactly how security will be implemented.
Bulletproof SSL and TLS
IV
III
II
I
Cryptographic primi@ves
At the lowest level, cryptography relies on various cryptographic primi0ves. Each primi?ve is designed with a par?cular useful func?onality in mind. The primi?ves alone are not very useful, but we can combine them into schemes and protocols to provide robust security. For example, we might use one primi?ve for hashing, one for encryp@on and another for integrity checking.
IV
III
II
I
Obtaining an SSL cer@ficate
II
IV
III
II
I
self signed vs trusted• Provides encryp?on
• Provides authen?ca?on
• Issued and signed by a publicly trusted Cer?fica?on Authority
• Suitable for produc?on environments as well for tes?ng
• Generally not free
• Provides encryp?on
• Doesn't provide authen?ca?on
• self-signed
• Generally used for tes?ng
• Free
Cer?ficate AuthorityA Cer?ficate Authority (CA) is a trusted, private en?ty that issues digital cer?ficates.
IV
III
II
I
Chain of trust
• Browsers and opera?ng systems include a list of trusted cer?ficates • These cer?ficates are called root cer'ficates, and they generally belong to trusted
par?es, such as cer?ficate authori?esIV
III
II
I
Chain of trust
• When a cer?ficate authority issues a cer?ficate, they sign the cer?ficate with their root cer?ficate
IV
III
II
I
Chain of trust
• Truthfully, in most cases cer?fica?on authori?es use sub-cer?ficates to sign your cer?ficate
• These cer?ficates are called intermediate cer'ficates, and they are signed with a root cer?ficateIV
III
II
I
Chain of trust
• When the browser connects to a site via HTTPS, the browser reads the site cer?ficate
• The cer?ficate doesn't match a trusted root cer?ficateIV
III
II
I
Chain of trust
• The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate
• The cer?ficate doesn't match a trusted root cer?ficateIV
III
II
I
Chain of trust
• The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate
• The cer?ficate matches a root cer?ficate • The original cer@ficate is trusted :) • The en?re cer@ficate chain is trusted
3
IV
III
II
I
Chain of trust
• The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate
• The cer?ficate doesn't match a root cer?ficate, and there are no more cer?ficates • The original cer@ficate is untrusted :( • The en?re cer@ficate chain is untrusted
4
IV
III
II
I
IV
III
II
I
Create a Cer@ficateGenerate a
Private/Public key pair$ openssl genrsa -des3 -out private.key 2048
... Enter pass phrase for private.key: Verifying - Enter pass phrase for private.key:
IV
III
II
I
Create a Cer@ficateGenerate a
Private/Public key pair
Generate a
Cer?ficate Signing Request (CSR)
$ openssl req -nodes -new -key private.key -out server.csr
... Country Name (2 letter code) [AU]:US Common Name (eg, YOUR name) []:www.example.com ...
IV
III
II
I
Create a Cer@ficateGenerate a
Private/Public key pair
Generate a
Cer?ficate Signing Request (CSR)
for a self-signed cer?ficate
Sign the cer?ficate
$ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.pem
hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-self
IV
III
II
I
Request a trusted Cer@ficateGenerate a
Private/Public key pair
Generate a
Cer?ficate Signing Request (CSR)
for a trusted cer?ficate
Request the Cer?ficate (*)
Request generally means purchase.
You can purchase an SSL cer?ficate either from a CA, or a reseller.
Some providers offer visual tools that help you with the request process (e.g. by genera?ng the CSR)
(*)
IV
III
II
I
Request a trusted Cer@ficateGenerate a
Private/Public key pair
Generate a
Cer?ficate Signing Request (CSR)
for a trusted cer?ficate
Request the Cer?ficate (*)
• Select the cer?ficate type
• Submit the CSR
• Validate the request
• Obtain the cer?ficate
(*)
IV
III
II
I
! (DV) Domain Validated asserts control of a domain
! (OV) Organiza?on Validated asserts control of a domain as well basic organiza?onal vepng
! (EV) Extended Valida?on asserts control of a domain as well extended organiza?onal vepng
Cer@ficate Types
IV
III
II
I
5 Now you should have
1. A CSR file
2. A cer?ficate file
3. A private key file
4. (op0onally) A list of
intermediate cer?ficate files
-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE-----IV
III
II
I
Deploying an SSL cer@ficate
IV
III
II
I
III
Install the cer@ficate on the server along with the private key, and intermediate cer?ficate chain.
Configure HTTPS configure protocol version, cypher suite and cypher sepngs.
To deploy HTTPS you need to:
IV
III
II
I
History of secure protocolsSSL 1 Never released
SSL 2 1996 A number of security flaws
SSL 3 1995 Broken. Vulnerable to POODLE aTack
TLS 1.0 1999
TLS 1.1 2006
TLS 1.2 2008IV
III
II
I
Example configserver { listen 443 ssl http2; listen [::]:443 ssl http2;
# ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key;
# ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;
# protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; }
IV
III
II
I
Example configserver { listen 443 ssl http2; listen [::]:443 ssl http2;
# ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key;
# ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;
# protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; }
IV
III
II
I
Example configserver { listen 443 ssl http2; listen [::]:443 ssl http2;
# ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key;
# ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;
# protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; }
IV
III
II
I
Example configserver { listen 443 ssl http2; listen [::]:443 ssl http2;
# ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key;
# ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;
# protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; }
IV
III
II
I
hTps://mozilla.github.io/server-side-tls/ssl-config-generator/hTps://cipherli.st/
IV
III
II
I
Heroku$ heroku addons:create ssl:endpoint Adding ssl:endpoint on example... done, v1 ($20/mo)
$ heroku certs:add server.crt server.key Adding SSL Endpoint to example... done example now served by example-2121.herokussl.com. Certificate details: Expires At: 2012-10-31 21:53:18 GMT Issuer: C=US; ST=CA; L=SF; O=Heroku; CN=www.example.com Starts At: 2011-11-01 21:53:18 GMT
hTps://devcenter.heroku.com/ar?cles/ssl-endpoint
hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-dnsimpleIV
III
II
I
Caddy server
IV
III
II
I
Caddy server
IV
III
II
I
Lifecycle of a Cer@ficate
6 Requested
! Issued
& Expired
4 Revoked
7 Rekeyed
Serving HTTPS
IV
III
II
I
IV
Cookie security$ curl -I https://dnsimple.com
HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000
IV
III
II
I
Cookie security$ curl -I https://dnsimple.com
HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000
IV
III
II
I
Mixed Content security error
IV
III
II
I
Mixed Content security error
IV
III
II
I
Mixed Content security error
IV
III
II
I
Mixed Content security error
IV
III
II
I
Mixed Content security error
IV
III
II
I
Chrome security debugger
IV
III
II
I
HSTS Header$ curl -I https://dnsimple.com
HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000
IV
III
II
I
HSTS Header
The first ?me your site is accessed using HTTPS and it returns the Strict-Transport-Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead.
When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS.
Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
IV
III
II
I
HSTS Header
The first ?me your site is accessed using HTTPS and it returns the Strict-Transport-Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead.
When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS.
Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
IV
III
II
I
HSTS HeaderStrict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
hTps://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
hTps://hstspreload.appspot.com/
IV
III
II
I
Public Key Pinning
hTps://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubdomains][; report-uri="reportURI"]
Public-Key-Pins: max-age=5184000; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="
IV
III
II
I
Let's Encrypt
Bulletproof SSL and TLS
hTp://bit.ly/codemo?on2016-sslbook
⋆⋆⋆⋆⋆
Simone Carle4! hTps://simonecarlep.com
@weppos
Thanks!
