SlideShare a Scribd company logo

SSL, X.509, HTTPS - How to configure your HTTPS server

H
hannob
Technology
1 of 22
Download to read offline
SSL, X.509, HTTPS How to configure your HTTPS server Hanno Böck, http://hboeck.de/
HTTPS ● It's complex ● Two protocols involving crypto – X.509 (for the certificates) and SSL/TLS (for the data transport) ● Many things can go wrong ● Often issues in the protocols themselves, not just application bugs ● Test by Qualys: https://www.ssllabs.com/ssltest/
The Problem ● I configured a host with everything like “you want it to be – as secure as possible”: https://fancyssl.hboeck.de/ ● But you won't be able to access it – at least not if you're using Internet Explorer, Firefox, Chrome, Safari, Opera or the Android-Browser ● w3m and lynx work ● If you don't want to wait till your browser supports modern ssl standards: http://fancynossl.hboeck.de/
X.509 CA signs cert User shows cert HTTPS Server
SSL / TLS Session key
The certificate ● Contains public key ● Can be RSA, DSA, ECDSA, RSA-PSS... (NTRU draft) – but in practice it's RSA ● Key length below 1024 (512 bit, 768 bit) – you're screwed ● Key length 1024 bit – not good (CAcert still allows it) ● Low exponents (like e=3, e=5) – can cause issues, but only if implementation is broken – better use e = 65537 (default today)
RSA – random numbers? ● Did you create your key with openssl on Debian/Ubuntu between 2006 and 2008? ● They accidently reduced randomness to PID resulting in 15 bit key entropy ● Batch GCD-attack found 0,2 % of keys factorable due to multiple keys using same primes ● Check it: https://factorable.net/ (29C3 “FactHacks” talk)
Hashes ● MD5 almost-broken since 1996, broken 2004 ● But some people had to learn it the hard way – 2008 fake RapidSSL subcert (25C3 talk: “MD5 considered harmful today”), FLAME-virus attacked Windows Update via MD5 ● SHA1 almost-broken since 2004, broken 201X ● But some people will learn it the hard way (like, for example, CAcert.org) ● For now, SHA-2 (SHA256, SHA512 etc.) is good, SHA-3 not yet usable
CAcert signatures MD5 MD5 root root MD5 SHA256 class3 class3 SHA1 SHA1 User cert User cert Before 06/2011 After 06/2011
From SSLv1 to TLSv1.2 ● SSL by Netscape ● SSLv2 (1995) is heavily broken, disabled in most apps today, replaced by SSLv3 (1996) ● TLS – successor of SSL, standard by IETF ● TLS 1.0 (1999), 1.1 (2006), 1.2 (2008) ● TLS 1.0 somewhat broken, TLS 1.1 not good ● If you want to avoid SHA1 you need TLS 1.2 ● BUT: Browser support widely only TLS 1.0
SSL-Algorithms ● ECDHE-RSA-AES256-GCM-SHA384 ● This means: RSA-signed key exchange with Elliptic Curve Ephemeral DH, symmetric AES encryption with 256 bit, Galois/Counter Mode, SHA384 hash ● RC4-SHA ● This means: RSA-signed symmetric RC4 encryption with SHA1 hash
Problems ● If the server provides many algos, user may choose weak ones – out of server admins control ● If the server is restrictive, connections may fail (old browsers) ● Fine-granular tuning sometimes impossible in common software like Apache ● In theory, everyone wants TLS 1.2 to avoid MD5/SHA1. In practice, almost nothing supports TLS 1.2.
Key exchange ● Key exchange – create session key that never gets transmitted ● Diffie Hellman or Elliptic Curve Diffie Hellman ● Provides Perfect Forward Secrecy ● If at some point in the future your server key gets compromised, attacker cannot decrypt previously recorded messages ● Problem: Apache defaults to 1024 bit DH and this cannot be changed (experimental patch)
BEAST-attack ● BEAST-attack against AES in CBC mode ● Weakness was known for a long time, but impractical – BEAST-attack just brought it to the real world ● Fixed in TLS 1.1 (but: the browsers...) ● Mitigation – client-side ● Server can offer RC4-ciphers (unaffected) ● But: RC4+DHE not well supported (no forward secrecy)
Apache config ● This is my Qualys-100 points setting: SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 SSLCipherSuite TLSv1:!AES128:!AES256- GCM-SHA384:!AES256-SHA256:!SSLv3:! SSLv2:HIGH:!MEDIUM:!MD5:!LOW:!EXP:! NULL:!aNULL@STRENGTH
Apache config ● A more reasonable setting: SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder on SSLCipherSuite ECDHE-ECDSA-AES256-GCM- SHA384:ECDHE-RSA-AES256-GCM- SHA384:ECDH-RSA-AES256-GCM- SHA384:ECDH-ECDSA-AES256-GCM- SHA384:ECDH-RSA-RC4-SHA:RC4-SHA:TLSv1:! AES128:!3DES:!CAMELLIA:! SSLv2:HIGH:MEDIUM:!MD5:!LOW:!EXP:!NULL:! aNULL
TLS Compression / CRIME attack ● CRIME attack by the authors of the BEAST attack ● TLSCompression is broken ● But nobody uses it anyway (limited browser support), so just disable it ● Apache Config (only 2.4 / unreleased 2.2.24): SSLCompression off ● Compression can still happen on the HTTP level
HSTS / Strict Transport Security ● HTTP-header ● Basically telling the browser: – Don't connect if anything is wrong (e. g. wrong certificate – this is a problem for CAcert!) – Only connect through SSL for timespan X (e. g. 6 months) – Can prevent SSL-Stripping ● HTTP-header: Strict-Transport-Security max-age=31536000;
Revocation / OCSP stapling ● Old method: CRL, doesn't scale ● New method: OCSP, Problem: Privacy ● Problem: What to do when OCSP responder not available? In theory: fail. In practice: pass. ● Chrome disabled OCSP, because it's broken anyway ● OCSP stapling encodes OCSP response in TLS communication ● Good idea: enable it (apache 2.4)
SNI ● Old problem of SSL: Only one certificate per IP ● But: Server Name Indication (SNI) allows to change that ● Almost every browser supports it! (except... still widely used Android 2.x) ● Requires TLS 1.0 ● Fallback of Firefox and other browsers to SSLv3 causes problems with unreliable connections
The elephant in the room ● Not focus of this talk, but: ● The SSL-system based on centralized CAs is broken ● Horribly broken ● You trust an unknown number of entities and each one of them can attack every connection ● It is easy to say that it's broken – it's much harder to tell how it should be ● EFF tries: https://www.eff.org/sovereign-keys
Further info ● SSL Observatory (talk at 27C3) https://www.eff.org/observatory ● Check your Server: https://www.ssllabs.com/ssltest/ https://factorable.net/ ● Use HTTPS everywhere: https://www.eff.org/https-everywhere

Recommended

Large Scale Deployment of SSL/TLS For MySQL
Large Scale Deployment of SSL/TLS For MySQLLarge Scale Deployment of SSL/TLS For MySQL
Large Scale Deployment of SSL/TLS For MySQLDaniël van Eeden
 
Protecting MySQL Network traffic
Protecting MySQL Network trafficProtecting MySQL Network traffic
Protecting MySQL Network trafficDaniël van Eeden
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
HTTPS: All you need to know
HTTPS: All you need to knowHTTPS: All you need to know
HTTPS: All you need to knowOVHcloud
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesOVHcloud
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat opensslJean-Frederic Clere
 
Ansible ssh y comandos ad-hoc
Ansible ssh y comandos ad-hocAnsible ssh y comandos ad-hoc
Ansible ssh y comandos ad-hocRaul Hugo
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat opensslJean-Frederic Clere
 

Recommended

Large Scale Deployment of SSL/TLS For MySQL
Large Scale Deployment of SSL/TLS For MySQLLarge Scale Deployment of SSL/TLS For MySQL
Large Scale Deployment of SSL/TLS For MySQLDaniël van Eeden
 
Protecting MySQL Network traffic
Protecting MySQL Network trafficProtecting MySQL Network traffic
Protecting MySQL Network trafficDaniël van Eeden
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
HTTPS: All you need to know
HTTPS: All you need to knowHTTPS: All you need to know
HTTPS: All you need to knowOVHcloud
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesOVHcloud
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat opensslJean-Frederic Clere
 
Ansible ssh y comandos ad-hoc
Ansible ssh y comandos ad-hocAnsible ssh y comandos ad-hoc
Ansible ssh y comandos ad-hocRaul Hugo
 
Tomcat openssl
Tomcat opensslTomcat openssl
Tomcat opensslJean-Frederic Clere
 
Openvpn
OpenvpnOpenvpn
Openvpnmato2012
 
Enumeration
EnumerationEnumeration
EnumerationUTD Computer Security Group
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC NetworkingMarian Marinov
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec IntroNetgate
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLContinuent
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingUTD Computer Security Group
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and NowPhilippe De Ryck
 
Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!Joerg Henning
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...JosephTesta9
 
Irc how to sept 2012
Irc how to sept 2012Irc how to sept 2012
Irc how to sept 2012Christie Koehler
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
OpenVPN
OpenVPNOpenVPN
OpenVPNEmil CHERICHEȘ
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure SecurityUTD Computer Security Group
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 
Securing Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNSecuring Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNA Green
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatJean-Frederic Clere
 
Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Netgate
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016Sylvain Afchain
 
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianGlen Dimaandal
 
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...gueste37130
 

More Related Content

What's hot

BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec IntroNetgate
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLContinuent
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanOWASP Delhi
 
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...JosephTesta9
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 
Securing Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNSecuring Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNA Green
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatJean-Frederic Clere
 
Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Netgate
 

What's hot (20)

Openvpn
OpenvpnOpenvpn
Openvpn
 
Enumeration
EnumerationEnumeration
Enumeration
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSL
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
 
Irc how to sept 2012
Irc how to sept 2012Irc how to sept 2012
Irc how to sept 2012
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure Enclave
 
OpenVPN
OpenVPNOpenVPN
OpenVPN
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure Security
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 
Securing Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPNSecuring Back Office Business Processes with OpenVPN
Securing Back Office Business Processes with OpenVPN
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and Tomcat
 
Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
 

Viewers also liked

SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianGlen Dimaandal
 
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...gueste37130
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetPuneet Arora
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pkiPrabhat Goel
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 

Viewers also liked (10)

SEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth SytianSEO Considerations When Migrating to HTTPS by Kenneth Sytian
SEO Considerations When Migrating to HTTPS by Kenneth Sytian
 
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
EuSecWest 2008 - Abusing X509 Certificate Features (Alexander Klink, Cynops G...
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.Net
 
Poodles!!!
Poodles!!!Poodles!!!
Poodles!!!
 
Digital Certificate
Digital CertificateDigital Certificate
Digital Certificate
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 

Similar to SSL, X.509, HTTPS - How to configure your HTTPS server

Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019James Bromberger
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSecurity Bootcamp
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)Igalia
 
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...Accelerating and Securing your Applications in AWS. In-depth look at Solving ...
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...Amazon Web Services
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteHostedGraphite
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Adopting Modern SSL / TLS
Adopting Modern SSL / TLSAdopting Modern SSL / TLS
Adopting Modern SSL / TLSAvi Networks
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 

Similar to SSL, X.509, HTTPS - How to configure your HTTPS server (20)

Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Tls 13final13
Tls 13final13Tls 13final13
Tls 13final13
 
Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019Linux confau 2019: Web Security 2019
Linux confau 2019: Web Security 2019
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Go paranoid
Go paranoidGo paranoid
Go paranoid
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
 
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015)
 
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...Accelerating and Securing your Applications in AWS. In-depth look at Solving ...
Accelerating and Securing your Applications in AWS. In-depth look at Solving ...
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocols
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Adopting Modern SSL / TLS
Adopting Modern SSL / TLSAdopting Modern SSL / TLS
Adopting Modern SSL / TLS
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 

More from hannob

The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3hannob
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)hannob
 
Some tales about TLS
Some tales about TLSSome tales about TLS
Some tales about TLShannob
 
Crypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfCrypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfhannob
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Cryptohannob
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?hannob
 
Papierlos
PapierlosPapierlos
Papierloshannob
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malwarehannob
 
Stromsparen
StromsparenStromsparen
Stromsparenhannob
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oilhannob
 

More from hannob (10)

The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)
 
Some tales about TLS
Some tales about TLSSome tales about TLS
Some tales about TLS
 
Crypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourselfCrypto workshop part 3 - Don't do this yourself
Crypto workshop part 3 - Don't do this yourself
 
Crypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and CryptoCrypto workshop part 1 - Web and Crypto
Crypto workshop part 1 - Web and Crypto
 
How broken is TLS?
How broken is TLS?How broken is TLS?
How broken is TLS?
 
Papierlos
PapierlosPapierlos
Papierlos
 
Gehackte Webapplikationen und Malware
Gehackte Webapplikationen und MalwareGehackte Webapplikationen und Malware
Gehackte Webapplikationen und Malware
 
Stromsparen
StromsparenStromsparen
Stromsparen
 
Wirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak OilWirtschaftswachstum, klimawandel und Peak Oil
Wirtschaftswachstum, klimawandel und Peak Oil
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

SSL, X.509, HTTPS - How to configure your HTTPS server

  • 1. SSL, X.509, HTTPS How to configure your HTTPS server Hanno Böck, http://hboeck.de/
  • 2. HTTPS ● It's complex ● Two protocols involving crypto – X.509 (for the certificates) and SSL/TLS (for the data transport) ● Many things can go wrong ● Often issues in the protocols themselves, not just application bugs ● Test by Qualys: https://www.ssllabs.com/ssltest/
  • 3. The Problem ● I configured a host with everything like “you want it to be – as secure as possible”: https://fancyssl.hboeck.de/ ● But you won't be able to access it – at least not if you're using Internet Explorer, Firefox, Chrome, Safari, Opera or the Android-Browser ● w3m and lynx work ● If you don't want to wait till your browser supports modern ssl standards: http://fancynossl.hboeck.de/
  • 4. X.509 CA signs cert User shows cert HTTPS Server
  • 6. The certificate ● Contains public key ● Can be RSA, DSA, ECDSA, RSA-PSS... (NTRU draft) – but in practice it's RSA ● Key length below 1024 (512 bit, 768 bit) – you're screwed ● Key length 1024 bit – not good (CAcert still allows it) ● Low exponents (like e=3, e=5) – can cause issues, but only if implementation is broken – better use e = 65537 (default today)
  • 7. RSA – random numbers? ● Did you create your key with openssl on Debian/Ubuntu between 2006 and 2008? ● They accidently reduced randomness to PID resulting in 15 bit key entropy ● Batch GCD-attack found 0,2 % of keys factorable due to multiple keys using same primes ● Check it: https://factorable.net/ (29C3 “FactHacks” talk)
  • 8. Hashes ● MD5 almost-broken since 1996, broken 2004 ● But some people had to learn it the hard way – 2008 fake RapidSSL subcert (25C3 talk: “MD5 considered harmful today”), FLAME-virus attacked Windows Update via MD5 ● SHA1 almost-broken since 2004, broken 201X ● But some people will learn it the hard way (like, for example, CAcert.org) ● For now, SHA-2 (SHA256, SHA512 etc.) is good, SHA-3 not yet usable
  • 9. CAcert signatures MD5 MD5 root root MD5 SHA256 class3 class3 SHA1 SHA1 User cert User cert Before 06/2011 After 06/2011
  • 10. From SSLv1 to TLSv1.2 ● SSL by Netscape ● SSLv2 (1995) is heavily broken, disabled in most apps today, replaced by SSLv3 (1996) ● TLS – successor of SSL, standard by IETF ● TLS 1.0 (1999), 1.1 (2006), 1.2 (2008) ● TLS 1.0 somewhat broken, TLS 1.1 not good ● If you want to avoid SHA1 you need TLS 1.2 ● BUT: Browser support widely only TLS 1.0
  • 11. SSL-Algorithms ● ECDHE-RSA-AES256-GCM-SHA384 ● This means: RSA-signed key exchange with Elliptic Curve Ephemeral DH, symmetric AES encryption with 256 bit, Galois/Counter Mode, SHA384 hash ● RC4-SHA ● This means: RSA-signed symmetric RC4 encryption with SHA1 hash
  • 12. Problems ● If the server provides many algos, user may choose weak ones – out of server admins control ● If the server is restrictive, connections may fail (old browsers) ● Fine-granular tuning sometimes impossible in common software like Apache ● In theory, everyone wants TLS 1.2 to avoid MD5/SHA1. In practice, almost nothing supports TLS 1.2.
  • 13. Key exchange ● Key exchange – create session key that never gets transmitted ● Diffie Hellman or Elliptic Curve Diffie Hellman ● Provides Perfect Forward Secrecy ● If at some point in the future your server key gets compromised, attacker cannot decrypt previously recorded messages ● Problem: Apache defaults to 1024 bit DH and this cannot be changed (experimental patch)
  • 14. BEAST-attack ● BEAST-attack against AES in CBC mode ● Weakness was known for a long time, but impractical – BEAST-attack just brought it to the real world ● Fixed in TLS 1.1 (but: the browsers...) ● Mitigation – client-side ● Server can offer RC4-ciphers (unaffected) ● But: RC4+DHE not well supported (no forward secrecy)
  • 15. Apache config ● This is my Qualys-100 points setting: SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 SSLCipherSuite TLSv1:!AES128:!AES256- GCM-SHA384:!AES256-SHA256:!SSLv3:! SSLv2:HIGH:!MEDIUM:!MD5:!LOW:!EXP:! NULL:!aNULL@STRENGTH
  • 16. Apache config ● A more reasonable setting: SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder on SSLCipherSuite ECDHE-ECDSA-AES256-GCM- SHA384:ECDHE-RSA-AES256-GCM- SHA384:ECDH-RSA-AES256-GCM- SHA384:ECDH-ECDSA-AES256-GCM- SHA384:ECDH-RSA-RC4-SHA:RC4-SHA:TLSv1:! AES128:!3DES:!CAMELLIA:! SSLv2:HIGH:MEDIUM:!MD5:!LOW:!EXP:!NULL:! aNULL
  • 17. TLS Compression / CRIME attack ● CRIME attack by the authors of the BEAST attack ● TLSCompression is broken ● But nobody uses it anyway (limited browser support), so just disable it ● Apache Config (only 2.4 / unreleased 2.2.24): SSLCompression off ● Compression can still happen on the HTTP level
  • 18. HSTS / Strict Transport Security ● HTTP-header ● Basically telling the browser: – Don't connect if anything is wrong (e. g. wrong certificate – this is a problem for CAcert!) – Only connect through SSL for timespan X (e. g. 6 months) – Can prevent SSL-Stripping ● HTTP-header: Strict-Transport-Security max-age=31536000;
  • 19. Revocation / OCSP stapling ● Old method: CRL, doesn't scale ● New method: OCSP, Problem: Privacy ● Problem: What to do when OCSP responder not available? In theory: fail. In practice: pass. ● Chrome disabled OCSP, because it's broken anyway ● OCSP stapling encodes OCSP response in TLS communication ● Good idea: enable it (apache 2.4)
  • 20. SNI ● Old problem of SSL: Only one certificate per IP ● But: Server Name Indication (SNI) allows to change that ● Almost every browser supports it! (except... still widely used Android 2.x) ● Requires TLS 1.0 ● Fallback of Firefox and other browsers to SSLv3 causes problems with unreliable connections
  • 21. The elephant in the room ● Not focus of this talk, but: ● The SSL-system based on centralized CAs is broken ● Horribly broken ● You trust an unknown number of entities and each one of them can attack every connection ● It is easy to say that it's broken – it's much harder to tell how it should be ● EFF tries: https://www.eff.org/sovereign-keys
  • 22. Further info ● SSL Observatory (talk at 27C3) https://www.eff.org/observatory ● Check your Server: https://www.ssllabs.com/ssltest/ https://factorable.net/ ● Use HTTPS everywhere: https://www.eff.org/https-everywhere