The document discusses SSL/TLS trends, practices, and futures. It covers global SSL encryption trends and drivers like increased spending on security and regulatory pressure. It discusses SSL best practices like enabling TLS 1.2, disabling weak protocols, using strong cipher strings, and enabling HTTP Strict Transport Security. The document also looks at solutions from F5 like hardware security modules, advanced key and certificate management, and market leading encryption support. It explores emerging standards like TLS 1.3 and topics like elliptic curve cryptography. Finally, it discusses what's next such as OCSP stapling and F5's SSL everywhere architecture.

1. SSL/TLS Trends, Practices, and
Futures
Brian A. McHenry, Security Solutions Architect
bam@f5.com
@bamchenry

2. © F5 Networks, Inc. 2
1. Global SSL Encryption Trends and Drivers
2. A Few “Best” Practices
3. Solutions
4. What’s Next?
Agenda

3. © F5 Networks, Inc. 3
• Worldwide spending on information security will reach $71.1 billion in 2014
• Data loss prevention segment recording the fastest growth at 18.9 percent,
• By 2015, roughly 10% of overall IT security enterprise product capabilities will
be delivered in the cloud
• Regulatory pressure will increase in Western Europe and Asia/Pacific from
2014
Gartner Says Worldwide Information Security Spending Will
Grow Almost 8 Percent in 2014

4. © F5 Networks, Inc. 4
IoEE-Commerce Privacy Mobility
S
n
o
w
d
e
n
Trajectory and Growth of Encryption
Customer Trends:
• PFS/ECC Demanded
• SSL Labs Application Scoring
Emerging Standards:
• TLS 1.3, HTTP 2.0/SPDY
• RSA -> ECC
Thought Leaders and Influence:
• Google: SHA2, SPDY, Search
Ranking by Encryption
• Microsoft: PFS Mandated
MARKET AMPLIFIERS
SSL growing ~30% annually. Entering the Fifth wave of transition (IoE)
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
1998 2002 2006 2010 2014
Source: Netcraft
MillionsofCertificates(CA)
Years

5. © F5 Networks, Inc. 5
Timeline of SSL Vulnerabilities & Attacks
February
2010
September
2011
February
2013
March
2013
March
2013
…
April
2014
RC4 Attacks
Weakness in CBC cipher
making plaintext
guessing possible
BEAST & CRIME
Client-sideor MITB
attacks leveraging a
chosen-plaintext flaw in
TLS 1.0 and TLS
compression flaws
RFC 5746
TLS extension for secure
renegotiation quickly
mainstreamed
Lucky 13
Another timing attack.
August
2009
August 2009
Insecure renegotiation
vulnerability exposes all
SSL stacks to DoS
attack
TIME
A refinement and
variation of CRIME
Heartbleed
The end of the Internet
as we know it!

6. © F5 Networks, Inc. 6
And the Hits Just Keep on Coming…

7. © F5 Networks, Inc. 7
SSL
Intelligence
and
Visibility
(Full
Proxy)
Enterprise
key
&
Certificate
Management
Advance
HSM
Support:
• Highest
Performing
HSM
options
• Virtualized
low-­‐bandwidth
options
• Market
Leading
HSM
Vendor
Support
Market
Leading
Encryption:
• Optimized
SSL
in
Hardware
and
Software
• Cipher
Diversity
(RSA,
ECC,
DSA)
• SSL
Visibility:
Proxy
SSL
&
Forward
Proxy
• SSL
Traffic
Intelligence:
• HSTS,
HTTP
2.0/SPDY,
OCSP
Stapling,
TLS
Server
Session
Ticket
Fully
Automated
Key
and
Certificate
Management:
• For
all
BIG-­‐IP
platforms
• For
all
vendor
platforms
• 3rd Party
Integration
for
best-­‐
in-­‐class
key
encryption:
Venafi,
Symantec/
VeriSign
• PKI
Supported
Environments
The Three Pillars of SSL Everywhere
Hardware
Security
Modules

8. © F5 Networks, Inc. 8
Data Protection:Microsoft and Google Expands Encryption

9. © F5 Networks, Inc. 9
Not all curves are considered equal
Different Authorities:
• US NIST (US National Institute of Standards) with 186-2 (recently
superseded in 2009 by the new186-3)
• US ANSI (American National Standard Institute) with X9.62
• US NSA (National Security Agency) Suite-B Cryptography for TOP
SECRET information exchange
• International SACG (Standards for efficient cryptography group)
with Recommended Elliptic Curve Domain Parameters
• German ECC Brainpool withECC Brainpool with their Strict
Security Requirements
• ECC Interoperability Forum composed by Certicom, Microsoft,
Redhat, Sun, NSA
If You Thought Encryption was confusing…
ECC, PFS and Curves

10. © F5 Networks, Inc. 10
Not all curves are considered equal
Different Names:
• Secp256r1, Prime256v1, NIST P-256
• Secp384r1, NIST-P384
Different Kinds of Curves:
• ECC over Prime Field (Elliptic Curve)
• ECC over Binary Field (Koblitz Curve)
Other Curves:
• Curve25519 (Google)
• Mumford (Microsoft)
• Brainpool
• DUAL_EC_RBNG
If You Thought Encryption was confusing…
ECC, PFS and Curves

11. Some SSL Best Practices

12. © F5 Networks, Inc. 12
• Google has begun adjusting page rank based on SSL implementations
• F5 customers have third-party/B2B requirements for strong encryption
• SSL Labs’ Pulse tool has made testing easy
• Users and businesses are choosing services based on Pulse grades
SSL: Not Just for Security

13. © F5 Networks, Inc. 13
• Set the option for Secure Renegotiation to “Require”
• Disable SSLv2 and SSLv3 (DEFAULT in 11.5+)
• Use an explicit, strong cipher string, such as:
• !SSLv2:!EXPORT:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:DHE+AES-
GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:-MD5:-SSLv3:-RC4
• Prefer Perfect Forward Secrecy (PFS)
• Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above
• Enable TLS_FALLBACK_SCSV extension
• Enable HTTP Strict Transport Security (HSTS)
• iRule prior to TMOS version 12.0
• Integrated into HTTP profile in next release
Achieving A+ Grades on SSLLabs.com

14. © F5 Networks, Inc. 14
HTTP Strict Transport Security iRule
when HTTP_RESPONSE {
HTTP::header insert Strict-Transport-Security "max-
age=[expr {$static::expires - [clock seconds]}];
includeSubDomains”
}

15. © F5 Networks, Inc. 15
• RFC 6797
• HSTS is enabled by the “Strict-Transport-Security” HTTP header
e.g.: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
• When received, browsers will:
• Automatically convert HTTP references to HTTPS references
• Disallow certificate exemptions (self-signed, etc.)
• Cache HSTS information and reuse stored values for new sessions
New Feature: HTTP Strict Transport Security
AVAILABLE IN 12.0

16. © F5 Networks, Inc. 16
HTTP Strict Transport Security Configuration
HTTP Profile Screen

17. © F5 Networks, Inc. 17

18. © F5 Networks, Inc. 18
If I sound smart about crypto…

19. © F5 Networks, Inc. 19
SSL Feature Availability
Feature TMOS
TLS 1.2 10.2.3
ECC 11.4.0
PFS 11.4.0
SHA256 (SHA2) 10.2.3
SPDY 11.2.0
HTTP 2.0* 11.6.0
HSTS iRules/12.0
Feature TMOS
Secure Renegotiation
(RFC 5746)
10.2.3
TLS_FALLBACK_SCSV 11.5.0
Network HSM 11.2.1
Onboard HSM Y
SNI 11.1.0
Hybrid Certificates (ECC &
RSA)*
11.5.0

20. A Peek Under the Hood

21. © F5 Networks, Inc. 21
Network
Session
Application
Web
application
Physical
Client
/
Server
L4
Firewall:
Full
stateful
policy
enforcement
and
TCP
DDoS
mitigation
SSL
inspection
and
SSL
DDoS
mitigation
HTTP
proxy,
HTTP
DDoS
and
application
security
Application
health
monitoring
and
performance
anomaly
detection
Network
Session
Application
Web
application
Physical
Client
/
Server
Full Proxy Security
Proxy
SSL
(Visibility)
ASM
SSL
Forward
Proxy
(Visibility)
SWG

22. © F5 Networks, Inc. 22
Proxy Chain
HUD chains are a series of filters which implement the configuration.
The HUD chain is divided into two halves, client and server side.
Filters on HUD chains usually are arranged as client/server pairs.
The two halves are joined by the “proxy”.
Data Center
BIG-IP Platform
Clients
T
C
P
S
S
L
H
T
T
P
P
R
O
X
Y
H
T
T
P
S
S
L
T
C
P
• App “point of delivery & definition”
• App Intelligence - layer 3- 7 visibility
• Distinct client / server control
• Unified services / context
• Interoperability and gateway functions
Intelligent Full Proxy Benefits
BIG-IP Architecture – Proxy Chain

23. © F5 Networks, Inc. 23
Proxy Chain
Each SSL filter handles connection to device on their side of the proxy.
Normally, the two SSL filters operate completely independently.
Between the two filters, all data is available unencrypted.
To fully offload the backend server, remove the server side SSL filter.
Data Center
BIG-IP Platform
Clients
T
C
P
S
S
L
H
T
T
P
P
R
O
X
Y
H
T
T
P
S
S
L
T
C
P
• App “point of delivery & definition”
• App Intelligence - layer 3- 7 visibility
• Distinct client / server control
• Unified services / context
• Interoperability and gateway functions
Intelligent Full Proxy Benefits
BIG-IP Architecture – SSL Termination

24. © F5 Networks, Inc. 24
Data Center
Proxy Chain
Proxy SSL allows the client certificate to be presented to the server.
Intermediary filters are disabled.
SSL filters operate in monitor mode during the handshake.
Post-handshake, SSL enables decryption and other filters.
BIG-IP Platform
Clients
T
C
P
S
S
L
H
T
T
P
P
R
O
X
Y
H
T
T
P
S
S
L
T
C
P
• Allows server to perform client cert auth
• L7 content inspection after handshake
• Certificate transparent to end user
Intelligent Full Proxy Benefits
BIG-IP Architecture – Proxy SSL

25. © F5 Networks, Inc. 25
Proxy Chain
Forward SSL is used in Forward Proxy deployments.
“Just in time” certificate creation is used to decrypt SSL connections.
Enables policy based inspection of secure content.
Requires the ability to create trusted certificates to work.
Data Center
BIG-IP Platform
Clients
T
C
P
S
S
L
H
T
T
P
P
R
O
X
Y
H
T
T
P
S
S
L
T
C
P
• Inspect secure traffic at network edge
• Transparent to the end user
• Policy based bypass by:
• Source IP Address
• Destination IP Address
• Host Name (SAN,CN,SNI)
Forward SSL Proxy Benefits
BIG-IP Architecture – Forward SSL

26. What’s Next?

27. © F5 Networks, Inc. 27
A Quick Primer on Certificate Revocation
• If a SSL certificate is stolen or compromised, sites need a way to revoke the
certificate so it will no longer be trusted. Revocation is handled by either CRL or
OCSP.
• CRL: Certificate Revocation List
• The browser retrieves the list of all revoked certificates from the CA.
• The browser then parses the whole list looking for the certificate in question.
• OCSP: Online Certificate Status Protocol
• The browser sends the certificate to the CA for validation.
• The CA responds that the certificate is good, revoked, or unknown.
• OCSP is more efficient than CRL, but there’s room for improvement!
New Feature: OCSP Stapling
AVAILABLE IN 11.6

28. © F5 Networks, Inc. 28
• OCSP and CRL checks add significant overhead:
•DNS (1334ms)
•TCP handshake (240ms)
•SSL handshake (376ms)
•Follow certificate chain (1011ms)
•DNS to CA (300ms)
•TCP to CA (407ms)
•OCSP to CA #1 (598ms)
•TCP to CA #2 (317ms)
•OCSP to CA #2 (444ms)
•Finish SSL handshake (1270ms)
< T O TA L : 6 . 3 S e c o n d s >
• Add up the time for each step and you'll see that over 30% of the SSL overhead
comes from checking whether the certificate has been revoked.
• These checks are serial and block downloads.
OCSP & CRL Checks Hurt Performance
This portion is revocation check overhead.

29. © F5 Networks, Inc. 29
• OCSP Stapling allows the server to attach CA
signed information regarding the certificates
validity.
• Processing with OCSP enabled:
•DNS (1334ms)
•TCP handshake (240ms)
•SSL handshake (376ms)
•Follow certificate chain (1011ms)
•Process OCSP Data (10ms)
•Finish SSL handshake (1270ms)
< T O TA L : 4 . 2 S e c o n d s >
O C S P S t a p l i n g a l s o e l i m i n a t e s c o m m u n i c a t i o n
w i t h a t h i r d p a r t y d u r i n g c e r t i f i c a t e v a l i d a t i o n .
T h i s m a y b e c o n s i d e r e d b e t t e r s e c u r i t y s i n c e i t
p r e v e n t s i n f o r m a t i o n l e a k a g e .
OCSP Stapling to the Rescue

30. © F5 Networks, Inc. 30
OCSP Stapling Configuration
Changes to ‘Proxy Pool’ when ‘Use
Proxy Server’ is enabled

31. © F5 Networks, Inc. 31
OCSP Stapling Configuration
Profile Location Assignment to Client SSL Profile

32. © F5 Networks, Inc. 32
• SSL termination and inspection from
BIG-IP® Local Traffic Manager™
(LTM)
• Hybrid cipher support for ECC and
RSA ciphers
• SSL crypto-offload for additional SSL
capacity
• Integration with network HSMs from
SafeNet and Thales for key
management
SSL Everywhere RA – Bringing it all Together

33. © F5 Networks, Inc. 33
SSL Everywhere