"The Sorry State of SSL" Hynek Schlawack, PyConRu 2014
Presentation Transcript

    • THE SORRY STATE OF ССЛ Hynek Schlawack
    • @hynek https://hynek.me https://github.com/hynek Hello!
    • https://www.variomedia.de
    • ONLY LINK ox.cx/t
    • WTF SSL & TLS
    • TIMELINE
      • 1995: Secure Sockets Layer 2.0, Netscape
      • 1996: SSL 3.0, still Netscape
      • 1999: Transport Layer Security 1.0, IETF
      • 2006: TLS 1.1
      • 2008: TLS 1.2
    • 2013
      • newfound scrutiny
      • browsers add TLS 1.2
      • just using TLS not enough
    • TLS
      • identity
      • confidentiality
      • integrity
    • TLS HYGIENE
    • SERVERS
    • BE UP-TO-DATE • OpenSSL >= 1.0.1c • Apache >= 2.4.0 • nginx >= 1.0.6 or 1.1.0 g
    • CERTIFICATES
      • identity
      • validity
      • CA sig
    • EXTENDED VALIDATION CERTIFICATES
    • TRUST CHAIN
    • CERTIFICATES
      • trust chain
      • host name/service
      • already/still valid?
    • DISABLE
      • SSL 2.0
      • SSL 3.0 (if you can)
      • TLS compression
    • CIPHER SUITES
    • CIPHER: Plaintext → Cipher → Ciphertext
    • CIPHER: MODE
      • CBC
      • stream ciphers
      • GCM
    • ENCRYPTION: PREFER THIS: AES128-GCM & ChaCha20
    • ENCRYPTION: FALL BACK TO AES128-CBC
    • ENCRYPTION: IF LIFE IS CRUEL TO YOU: 3DES-CBC
    • ENCRYPTION: EOL
    • ENCRYPTION: DANGEROUS
      • EXP-*
      • DES
      • RC4
    • KEY EXCHANGE (fast / PFS)
      • RSA: fast ✔️, PFS ❌
      • DHE: fast ❌, PFS ✔️
      • ECDHE: fast ✔️, PFS ✔️
    • INTEGRITY: MACS
      • Message Authentication Code
      • HMAC
      • GCM
    • HAVE THE LAST WORD
    • YOU’RE DONE! (but test your results!)
    • CERTIFICATE
    • PROTOCOLS
    • CIPHER SUITES
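The server checklist above (disable SSL 2.0/3.0 and compression, ECDHE key exchange, GCM/ChaCha20 first, no EXP/DES/RC4, server has the last word) as a Python 3.6+ `ssl.SSLContext`, with a small audit of the resulting cipher list. This is an added example, not code from the talk; the `DANGEROUS_MARKERS` list and the exact cipher string are my choices, and the 3DES last resort is left out.

```python
"""Added example (not from the talk): a server ssl.SSLContext built to the
slides' checklist (disable SSL 2.0/3.0 and compression, ECDHE key exchange,
GCM/ChaCha20 first, no EXP/DES/RC4, server has the last word) plus an audit."""
import ssl

# Substrings of OpenSSL cipher names the slides mark dangerous or EOL (constructed).
DANGEROUS_MARKERS = ("EXP", "RC4", "DES-CBC-", "NULL", "MD5")


def make_server_context(certfile=None, keyfile=None):
    """Return an SSLContext configured per the talk's server checklist."""
    # create_default_context() already disables SSL 2.0, SSL 3.0 and TLS
    # compression; Purpose.CLIENT_AUTH means "this side is the server".
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    # "Have the last word": the server's cipher order wins over the client's.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    # Key exchange: ECDHE only (fast AND forward secret in the slides' table).
    # Encryption: AES128-GCM and ChaCha20 first, AES128-CBC as fallback; the
    # slides' "3DES if life is cruel" last resort is deliberately left out.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES128:"
                    "!aNULL:!eNULL:!EXP:!DES:!RC4:!MD5")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def hardening_flags(ctx):
    """Which of the 'disable' / 'last word' settings are actually on."""
    return {"no_compression": bool(ctx.options & ssl.OP_NO_COMPRESSION),
            "server_preference": bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE)}


def audit_ciphers(ctx):
    """Return (names, problems): enabled TLS 1.2 suites and any that break the
    slides' rules (nothing dangerous, ECDHE key exchange everywhere)."""
    # get_ciphers() (Python 3.6+) also lists TLS 1.3 suites, named "TLS_...";
    # those are always AEAD with ephemeral key exchange, so skip them here.
    names = [c["name"] for c in ctx.get_ciphers()
             if not c["name"].startswith("TLS_")]
    problems = []
    for name in names:
        if any(m in name for m in DANGEROUS_MARKERS):
            problems.append("dangerous cipher enabled: " + name)
        if not name.startswith("ECDHE-"):
            problems.append("no forward secrecy: " + name)
    return names, problems


if __name__ == "__main__":
    names, problems = audit_ciphers(make_server_context())
    print("\n".join(names), "\nproblems:", problems or "none")
```

Run `audit_ciphers` against a context built some other way (for example one created with `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` and a permissive cipher string) to see which suites the slides would flag.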
    • CLIENTS
    • YOU HAD ONE JOB! VERIFY!
    • VERIFY THE CERTIFICATE!
      • valid?
      • trustworthy chain?
      • correct hostname/service?
    • TRUST CHAIN
      • VERIFY_PEER
      • trust stores OS dependent
      • SSL_CTX_set_default_verify_paths
    • SYSTEM CA
      • FreeBSD: ca_root_nss
      • Debian/Red Hat: ca-certificates
      • OS X: TEA or homebrew
      • Windows: wincertstore
      • or: Mozilla/certifi
    • HOSTNAME VERIFICATION: OpenSSL to developers: LOL
    • DON’T VERIFY TRUST CHAIN: I can pretend to be Google with any self-signed certificate.
    • DON’T VERIFY HOSTNAME: I can pretend to be Google with any valid certificate.
    • SET SOME OPTIONS
      • acceptable ciphers
      • disable SSL 2.0
    • THAT’S ALL!
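The two client checks the slides say libraries forget, "trustworthy chain?" (VERIFY_PEER) and "correct hostname/service?", as an added example in the Python 3.4+ `ssl` module, not code from the talk. The hostname matcher is written out here rather than taken from `ssl.match_hostname`, and the certificate dict it is run on is constructed in the shape `getpeercert()` returns.

```python
"""Added example (not from the talk): the client checks the slides demand,
'trustworthy chain?' (VERIFY_PEER) and 'correct hostname/service?', with the
Python 3.4+ ssl module plus a stand-alone RFC 6125-style hostname matcher."""
import ssl


def make_client_context(cafile=None):
    """Client context that verifies the chain AND the hostname."""
    # cafile=None -> OS trust store via SSL_CTX_set_default_verify_paths().
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED  # VERIFY_PEER: no self-signed "Google"
    ctx.check_hostname = True            # no valid-but-wrong-name "Google"
    return ctx


def client_checks(ctx):
    """Report the two settings the slides say libraries forget to set."""
    return {"verify_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
            "check_hostname": bool(ctx.check_hostname)}


def _pattern_matches(pattern, hostname):
    """A '*' is allowed only as the whole left-most label, matches exactly one
    label, and needs at least two more labels ('*.com' never matches)."""
    pat = pattern.lower().split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pat) != len(host) or pat[1:] != host[1:]:
        return False
    if pat[0] == "*":
        return len(pat) > 2
    return pat[0] == host[0]


def hostname_matches(cert, hostname):
    """Does a getpeercert()-style dict cover hostname? DNS SANs are used;
    the subject commonName is consulted only when no DNS SAN exists."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_pattern_matches(p, hostname) for p in names)


# Constructed certificate dict in the shape ssl.SSLSocket.getpeercert() returns.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
```

After a real handshake, `sock.getpeercert()` yields a dict of exactly this shape, so `hostname_matches(sock.getpeercert(), host)` is the manual check that `check_hostname = True` performs for you.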
    • USERS
    • FUNDAMENTAL MISCONCEPTIONS
      • no end-to-end security
      • metadata
    • VPN?
      • sees all your traffic
      • same for CDN
    • CERTIFICATE WARNINGS
    • ROOT CERTIFICATE POISONING
    • TRUST ISSUES
      • hacked
      • screw up
      • court orders
      • big corp
    • Rule of Thumb: DON’T DO IT YOURSELF IF YOU CAN HELP IT.
    • STANDARD LIBRARY VS. PYOPENSSL
    • STANDARD LIBRARY
      • terrible pre-3.3
      • very incomplete in 2.7
      • PFS impossible
      • missing options
      • bound to Python’s OpenSSL
    • HOSTNAME VERIFICATION
      • 3.2–: from ssl import match_hostname
      • 2.4–2.7: pip install backports.ssl_match_hostname
    • PYOPENSSL
      • Python 2.6+, 3.2+, and PyPy
      • more complete API coverage
      • PyCA cryptography!
    • CRYPTOGRAPHY.IO
      • Python crypto w/o footguns
      • PyCA
      • PyPy ♥ CFFI
      • gives pyOpenSSL momentum
    • HOSTNAME VERIFICATION: service_identity
    • LIBRARIES & FRAMEWORKS
    • SERVERS (lib / PFS / good defaults / configurable)
      • eventlet: hybrid / ❌ / ❌ / ❌
      • gevent: stdlib / ❌ / ❌ / ❌
      • gunicorn: depends / ❌ / ❌ / ❌
      • Tornado: stdlib / ❌ / ❌ / ❌
      • Twisted 14.0: pyOpenSSL / ✔️ / ✔️ / ✔️
      • uWSGI: own C code / ✔️ / ❌ / ✔️
    • CLIENTS (lib / verifies certificates / verifies hostnames / good defaults)
      • eventlet: hybrid / ❌ / ❌ / ❌
      • gevent: stdlib / ❌ / ❌ / ❌
      • Tornado: stdlib / ✔️ / ✔️ / ❌
      • Twisted 14.0: pyOpenSSL / depends / depends / ✔️
      • urllib2: stdlib / ❌ / ❌ / ❌
      • urllib3/requests: hybrid / ✔️ / ✔️ / ✔️
    • SUMMARY
      • keep TLS out of Python if you can
      • use pyOpenSSL-powered requests for HTTPS
      • write servers in Twisted
      • use pyOpenSSL
      • use Python 2 stdlib only for clients
    • WHY SORRY?
    • IMPLEMENTATIONS
    • USERS
      • run outdated software
      • click certificate warnings away
      • are at the mercy of 3rd parties
    • SERVERS
    • CLIENTS
    • PYTHON: Is at the forefront of terrible.
    • HOPE
      • people care again
      • stdlib
      • PyCA
    • CALLS TO ACTION
    • ox.cx/t @hynek vrmd.de