SSL BEST PRACTICES OVERVIEW
THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1% 5.5% 36.7% https://www.trustworthyinternet.org/ssl-pulse/ 83.1% vulnerable to BEAST attack 5.5% vulnerable to CRIME attack 36.7% do not support Forward Secrecy 2015 Entrust Datacard Corporation. All rights reserved.
YOU ARE RESPONSIBLE! SSL/TLS Protocol Protocol Implementation CA Implementation Defense Evolving Standards Defense Bug free deployment Defense Evolving CA Rqmts Ex. POODLE Ex. Heartbleed Ex. DigiNotar Responsibility IETF Responsibility Server Browser vendors Responsibility CA Browser Forum, Browsers and CA s SERVER IMPLEMENTATION Responsibility=YOU 2015 Entrust Datacard Corporation. All rights reserved.
2015 Entrust Datacard Corporation. All rights reserved.
2015 Entrust Datacard Corporation. All rights reserved. Private Key Protection Key Size Signing Algorithm Self-signed Certificates
Private Keys Private Key Public Key Used to compute secure session If compromised, session could be compromised or identity can be forged Best Practice: Keysize 2048 bit RSA Keys Elliptic Curve P-256 or P-384 > 2048 bit keys are not necessary Best Practice: Private Key Protection Password protect private keys Restrict access to private keys Mark keys as non exportable Create new keys when renewing/replacing certificates Revoke compromised keys Consider storing high value keys on hardware 1 Key per device, avoid private key duplication Entrust, Inc. All rights reserved.
Certificate Signing Algorithms Best Practice: Signing Algorithms Use SHA-2 for all new certificates Replace SHA-1 certificates with SHA-2 SHA-1 is a secure hashing algorithm that puts a unique identity in the signature for a certificate that cannot be duplicated for another certificate SHA-1 is showing weakness and is being replaced with SHA-2 Chrome V41 will deprecate usage of SHA-1 on certs expiring 2016 and beyond SHA-1 will be fully deprecated in 2017 Entrust, Inc. All rights reserved.
2015 Entrust Datacard Corporation. All rights reserved. Secure Protocols Secure Cipher Suites Valid Certificate Chains Renegotiation TLS Compression Session Resumption
Root Issuing CA End Entity Certificate Chains All Public Certificate Authorities are required to issue certificates from a subordinate CA, leaving the root offline The chain certificate is not embedded in client devices The server must present the certificate chain to the client Certificate Chains are commonly misconfigured, resulting in a certificate not trusted dialogue for end users Best Practices: Certificate Chains Follow your vendors device specific chain installation instructions Use SSL Checkers to verify that the complete chain is presented by your server do not rely on browser testing! Entrust, Inc. All rights reserved.
Protocols Protocol for secure session is negotiated between what the server and client support Accepted protocols can be controlled at the server level SSL/TLS Protocol List: SSL v2 - Insecure SSL v3 - Insecure when used with HTTP, should be avoided TLS 1.0 Largely insecure, should be avoided TLS 1.1 - Secure TLS 1.2 - Secure Best Practices: Protocols TLS 1.2 should be the main protocol used Enable TLS 1.0 and 1.1 for maximum client support, using other configuration to mitigate potential vulnerabilities Entrust, Inc. All rights reserved.
Cipher Suites In SSL/TLS, Ciphers Suites are used to define how secure communication and encryption takes places Collection of encryption algorithms if one is found to be weak, switch to another Ciphers configured at the server level client must support ciphers enabled by server Best Practices: Cipher Suites Caesar Cipher One of the oldest ciphers ever used Only use suites that support authentication, encryption of 128 bits or higher Avoid suites with weak ciphers (40 & 56 bits) Avoid CBC encryption mode RC4 is considered weak and it should be disabled consider interoperability impact first as this is widely used by clients Use Validation Tools such as SSL Labs to check to see if your server is accepting insecure ciphers. Entrust, Inc. All rights reserved.
2015 Entrust Datacard Corporation. All rights reserved. Mixed Content Third party Trust Secure Cookies Cross-site Scripting (XSS) Malware
2015 Entrust Datacard Corporation. All rights reserved. Perfect Forward Secrecy OCSP Stapling HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) Best Practices: HSTS Enable HSTS for all secure web pages, as an extension of SSL Always-ON According to Ivan Ristic, this it the single most important improvement you can make for the TLS security of your websites Extension of Always-On SSL concept Can be used for websites that only allow HTTPS Convey to HSTS supported browsers that your site is only available via HTTPS, by sending HSTS value header Supporting browsers automatically change HTTP queries to HTTPS Browsers that do not support HSTS header will simply ignore Used to mitigate sslstrip vulnerability In the case of MTM, HSTS does not allow the user to override the invalid certificate error Entrust, Inc. All rights reserved. 14 9/29/2015
Certificate Transparency Certificate Reputation HTTP Public Key Pinning (HPKP) Certification Authority Authorization (CAA) 2015 Entrust Datacard Corporation. All rights reserved.
Multi-SAN Certificates Extended Validation (EV) Elliptic Curve Cryptography (ECC) Private Trust 2015 Entrust Datacard Corporation. All rights reserved.
Certificate Validation Models Best Practices: Certificates Use EV for high traffic or value websites OV should be used for public sites when EV is not required DV should only be used when Identity is not required (internal use or for non browser based applications) Entrust, Inc. All rights reserved.
Advanced Certificate Types Multi-SAN Certificates Single Certificate that support multiple URLs or public IP Addresses Use on Load Balancers and Firewalls Wildcard Certificates Dynamically support unlimited number of sub domains (*.abc.com) Domain coverage is wide, making the certificate and private key high value Use on Load Balancer and Firewalls for environments that are constantly changing ECC Certificates 256 bit EC private key offers better security and performance than RSA 2048 bit keys Limited client side support Private Trust SSL Certificates Used internally, not publicly trusted On premise PKI or hosted PKI service Are required November 2015 for certificate issued to Non-Fully Qualified Domain Names Entrust, Inc. All rights reserved. 18 9/29/2015
SSL on all Websites Mitigates HTTP attacks Increases Security Provides User Privacy Deploy HSTS 2015 Entrust Datacard Corporation. All rights reserved.
Security Partner Certificate Management Certificate Discovery Variety of Certificates Certificate/Website Scan Responsive CRL/OCSP 2015 Entrust Datacard Corporation. All rights reserved.
Choosing a Certificate Authority Security Posture, History, and Compliance Certificate Policies Root Embedding Services Offered (CRL/OCSP,Cert Types, ECC) Certificate Management Tools Support Entrust, Inc. All rights reserved. 21 9/29/2015
Tools and Resources SSL Labs Server Test SSL Chain Checkers Open SSL Certificate Discovery Certificate Management Tool Malware Scanner Bulletproof SSL Certificate Management Entrust, Inc. All rights reserved. 22 9/29/2015
SSL/TLS SERVER TEST 2015 Entrust Datacard Corporation. All rights reserved.
BULLETPROOF SSL AND TLS Written by SSL Expert, Ivan Ristic Most comprehensive guide to SSL Best Practices on the market Recommended reading for any IT Security professional dealing with SSL and certificates Available at Feisty Duck or on Amazon Included free of charge with Entrust Cloud SSL Enterprise 2015 Entrust Datacard Corporation. All rights reserved.
Thank you! Questions? 25 2015 Entrust Datacard Corporation. All rights reserved.