Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

TLS

677 views

Published on

My talk at Internetdagarna November 22, 2016

Published in: Technology
  • Be the first to comment

TLS

  1. 1. TLSTLSTLS, SSL, CA, DV, OV, EV, X.509, PKI, SHA-1, SHA-2, SAN, CN, SNI, NPN, ALPN, OCSP, CRL, DNSSEC, DANE, CT, HPKP, HSTS, HTTPS, HTTP/2, ...
  2. 2. Email:daniel@haxx.se Twitter:@bagder Web:daniel.haxx.se Blog:daniel.haxx.se/blog Daniel Stenberg
  3. 3. Ask away!
  4. 4. TLS is more than HTTPS … but HTTPS is a pretty big and common TLS use case I’ll try to be generic but some things will be HTTPS specific
  5. 5. TLS is SSL SSL = TLS in practice SSL 1995 SSL v3 1996 TLS 1.0 1999 TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 2017
  6. 6. Extensions TLS 1.2 2008 TLS 1.3 2017 Add things within same protocol version SNI ALPN and NPN
  7. 7. WWW
  8. 8. WWW under attack
  9. 9. Why TLS Surveillance Tracking Spoofed serversModified data Plain-textPlain-text protocolsprotocols are insecureare insecure
  10. 10. TLS in use
  11. 11. HTTPS == HTTP + TLS
  12. 12. TLS handshake Client: I want to speak with internetdagarna.se (SNI) Server: here’s my certificate
  13. 13. Certificate received, check it!
  14. 14. SAN and CN Server cert lists for which name or names it is valid. Or wildcard Subject Alternative Name (SAN), Common Name (CN) DNS Name: internetdagarna.seDNS Name: www.internetdagarna.se
  15. 15. Certificate Signatures SHA-1 is out Maybe soon for real
  16. 16. Who made that certificate? How can we trust it?
  17. 17. Certificate Authorities Hand out certificates to servers TLS apps use a “CA cert store” A set of trusted CAs Hundreds of them!
  18. 18. CA system CAs must follow guidelines Rogue CAs are excluded over time TLS applications add restraints
  19. 19. Bad CAs CAs have a lot of power CAs can hand out certificates for any domain by mistake or by attackers
  20. 20. Certificate Transparency Issued certificates in append-only logs Logs run by multiple stake-holders Allows TLS parties detect bad CAs
  21. 21. TLS without CA The CA system is error-prone DNS-based Authentication of Named Entities (DANE) Stores certs / or revocations in DNS Not used for HTTPS
  22. 22. TLS Servers gone bad Maybe attackers now control the site Certificate revocations are hard Online Certificate Status Protocol (OCSP) doesn’t help much TLS applications update slowly
  23. 23. Detect bad certificates Certificate Revocation Lists (CRL) OCSP stapling (TLS Certificate Status Request) Short life times Pinning (HPKP)
  24. 24. Stick to TLS (HTTPS) Accessing a web site without HTTPS introduces a MITM risk Strict Transport Security (HSTS)
  25. 25. HTTPS
  26. 26. How green is your padlock? Domain Validated (DV) Organization Validated (OV) Extended Validation (EV)
  27. 27. Ok, but to complicate matters...
  28. 28. TLS man-in-the-middle proxies Some operators claim they need to inspect your traffic But TLS is “end to end”? “hello, I’m your trusted CA that makes up certificates on demand”
  29. 29. TLS man-in-the-middle proxies client server
  30. 30. TLS man-in-the-middle proxies client server MITM
  31. 31. But can you trust the client?
  32. 32. Trust in the other direction Client certificates Replaced by 2fa
  33. 33. “TLS is slow”
  34. 34. Speed it up Resume recently closed connections Protocol improvements only over TLS Faster handshakes in TLS 1.3 due to less round-trips
  35. 35. The deprecation of clear text IETF, IAB, W3C, US Government, Mozilla (Firefox), Google (Chrome): “universal use of encryption by Internet applications”
  36. 36. TLS Validated certificate Data integrity No snooping Green padlock Going faster
  37. 37. Thank you! Questions?

×