SSL: Paved With Good Intentions. Richard Moore rich@westpoint.ltd.uk

Similar documents

SSL BEST PRACTICES OVERVIEW

SSL/TLS: The Ugly Truth

Chapter 17. Transport-Level Security

Integrated SSL Scanning

SSL and Browsers: The Pillars of Broken Security

Integrated SSL Scanning

SSL Server Rating Guide

A Study of What Really Breaks SSL HITB Amsterdam 2011

Securing VMware View Communication Channels with SSL Certificates TECHNICAL WHITE PAPER

Apache Security with SSL Using Linux

Websense Content Gateway HTTPS Configuration

SBClient SSL. Ehab AbuShmais

Apache Security with SSL Using Ubuntu

Vulnerabilità dei protocolli SSL/TLS

Internet SSL Survey 2010! Black Hat USA 2010

SSL Report: ebfl.srpskabanka.rs ( )

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Network Security Essentials Chapter 5

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

Public Key Infrastructures

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

mod_ssl Cryptographic Techniques

SSL: Secure Socket Layer

Bugzilla ID: Bugzilla Summary:

Apache, SSL and Digital Signatures Using FreeBSD

Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB

Web Security: Encryption & Authentication

SSL Manager Certificate Verification Engine

SSL Certificate Verification

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

Mobile Application Security

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Best Practice Guide (SSL Implementation) for Mobile App Development 最佳行事指引. Jointly published by. Publication version 1.

present the complete guide to ssl and seo

What s Your HTTPS Grade? A Case Study of HTTPS/SSL at Mid Michigan Community College. Brandon bkish@midmich.edu

Setting Up SSL on IIS6 for MEGA Advisor

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications

Fast, Scalable And Secure Web Hosting For Entrepreneurs

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Best Practices and Applications of TLS/SSL

Installation and usage of SSL certificates: Your guide to getting it right

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Public Key Infrastructure (PKI)

Is Your SSL Website and Mobile App Really Secure?

Certificates and network security

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

SSL implementieren aber sicher!

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Lesson 10: Attacks to the SSL Protocol

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Generating a Certificate Signing Request (CSR) from LoadMaster

Introduction to the DANE Protocol

Ciphermail S/MIME Setup Guide

State of PKI for SSL/TLS

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Introduction. Purpose. Background. Details

Web Security Considerations

The Inconvenient Truth about Web Certificates

Comodo 2048 bit SSL Certificates. Security for your online business now and long into the future

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

How to configure SSL proxying in Zorp 3 F5

Installing an SSL Certificate Provided by a Certificate Authority (CA) on the vwlan Appliance

Windows Mobile SSL Certificates

Vulnerability Remediation Plugin Guide

Transport Level Security

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

Extended SSL Certificates

Configuring Digital Certificates

Certificate technology on Pulse Secure Access

Certificate technology on Junos Pulse Secure Access

Communication Systems SSL

SSL Accelerated Services. SSL Accelerated Services for the LM5305-FIPS. Feature Description

Chapter 7 Transport-Level Security

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For

Secure Web Appliance. SSL Intercept

Transport Layer Security Protocols

TechNote. Contents. Overview. Using a Windows Enterprise Root CA with DPI-SSL. Network Security

Two Factor Authentication in SonicOS

SSL Decryption Certificates

Basics of SSL Certification

Michael Coates michael-coates.blogspot.com

Three attacks in SSL protocol and their solutions

More on SHA-1 deprecation:

Analysis of the HTTPS Certificate Ecosystem

Breaking the Myths of Extended Validation SSL Certificates

ERserver. iseries. Securing applications with SSL

HTTPS is Fast and Hassle-free with CloudFlare

The Real State of WiFi Security in the Connected Home August 25, 2015

ISY994 Series Network Security Configuration Guide Requires firmware version Requires Java 1.7+

Transcription:

SSL: Paved With Good Intentions Richard Moore rich@westpoint.ltd.uk

Why do we need SSL? Privacy Online shopping Online banking Identity Protection Data Integrity

Early SSL First public version was SSLv2 Developed by Netscape Released in November 1994 No public review prior to release

SSL 2 Basics Used X.509 Certificates for identity and key management Supported a range of cipher suites No support for extensions Protocol was controlled by Netscape

Oops! SSL 2 protocol was insecure US government forced the Export mode where the ciphers were weakened

SSL 3 Complete rewrite New record layer format Fixed the security flaws Released late 1995 Still a Netscape protocol

TLS1, Finally Work on this started in 1996 Intended to be a tidied up version of SSL 3 3DES made mandatory Designed to be extensible Spec ready late 1997

Maybe Not Like SSLv2 and SSLv3 TLS uses X.509 certificates X.509 specification was incomplete IETF rules means TLS had to wait TLS 1 finally released in 1999

TLS 1 Basics X.509 certificates used for identity and key management Supports a range of cipher suites Designed to be extensible Not controlled by any single vendor

Certificates Certificates are very important X.509 standard was not really designed for this ASN.1 Unfortunately complicated

What is in a Certificate? Subject Issuer Public Key Extensions Simple!

Certificate Authorities Certificates should be signed by a CA Prevents man-in-the-middle attacks Self-signed certificates are bad

Oops We Lost Our Keys Keys can be lost or compromised We need a way to revoke them Certificate Revocation Lists

Except CRLs Don t Work CRLs are too big Each CA has their own list OCSP is the answer

OCSP Online Certificate Status Protocol Certificate says where to ask Browser checks the OCSP looking for a signed status response

OCSP has Problems Too OCSP servers can get overloaded CAs don t update them very well Only the leaf certificates are currently checked

OCSP Stapling Web server sends the OCSP response as a TLS extension Response is signed by the CA so it s safe Only just reaching deployment Apache 2.3.3 added support Browser support is currently poor

The Story so Far TLS 1 Strong cipher suites X.509 Certificates Certificate Authorities OCSP Simple!

What About Virtual Hosting? Duplicate elements in Subject and Issuer SubjectAltNames Wildcards (naturally not specified how they work) Server Name Indication

There May be Trouble Ahead Now we ve had the theory The rest is easy

Ok, So I Lied Subject and issuer actually have a very complex structure The Common Name field was used to identify the server The RFCs allow certificates to contain arbitrary ASN.1

Getting Silly Because X.509 is general it lets you have many fields that are inappropriate for SSL Embedded photographs Favourite drinks Duplicate fields Logos

CAs Sign anything EV certificates (make them do their job) Rules for domain validation are only being formulated now Get compromised

Who do you Trust? People imagine there are few CAs Verisign, and a few others The reality is rather different

Random CA Facts Any CA can sign a certificate for any domain Dozens of German Universities Marks and Spencer Walt Disney 1,482 CA Certificates trustable by Windows or Firefox

Servers Often Misconfigured SSL 2 enabled Weak ciphers enabled NULL ciphers enabled Don t support OCSP pinning Don t support SNI

Certificate Problems Lots of default self-signed certs around Lots of name mismatches Weak certificates due to a bug in Debian s key generation

Bad Practices Failing to force users to use HTTPS Mixed content Content from other sites, especially analytics SSL used only for login pages Session cookies that aren t using the secureonly flag

SSL Implementations Not checking constraints properly ASN.1 problems NULs in names Shell globs for wildcards

Browsers Don t switch on the security by default Poor UI indications for users Inconsistent UI Even worse on mobile platforms Content from more than one HTTPS site are allowed

Users Ignore the warning dialogs Stick a padlock anywhere and they re happy Don t even notice if it s SSL So basically, all of the above is somewhat moot!

A World of FAIL CAs Servers Implementations Browser Users

Summary, SSL is Complex A suite of protocols All need to be right for real security Only as strong as the weakest link in the chain Currently the chain has several weak links

Questions?