SlideShare a Scribd company logo

curl and TLS #MeraKrypto

Daniel Stenberg
Daniel Stenberg

Daniel Stenberg presented on TLS and curl. He discussed curl and its TLS support, libcurl which powers curl, TLS obstacles, the CA cert bundle, no end in sight for improving TLS, http2 which will use TLS mandatory, opportunistic TLS, and the future of further TLS improvements like TLS 1.3 and DANE. Stenberg took questions and encouraged learning more about curl and TLS on the curl website.

TechnologyEducation
1 of 22
Download to read offline
#MeraKrypto TLS and curl Daniel Stenberg, April 29th 2014
Agenda curl TLS http2 Future
Daniel Stenberg Email: daniel@haxx.se Twitter: @bagder Web: daniel.haxx.se Blog: daniel.haxx.se/blog network hacker at
Please ask! Feel free to interrupt and ask at any time!
If I say SSL I mean TLS I tend to use the terms interchangeably
curl • curl is a tool I made • born around 1998 • widely used for REST, downloads, scripted transfers and more • I expect everyone here to already know about it! • Added TLS support 1999 • Uses TLS for HTTPS, FTPS, POP3S, IMAPS, SMTPS, LDAPS and RTMPS • 100% free and open source - join us!
libcurl 2014 •The engine of the curl tool •The world's most used, most portable and most feature complete URL transfer library •Empowers cars, set-top boxes, printers, routers, Bluray players, TV sets, phones, tablets, games, web sites and a bus load of other use case. •Used by hundreds of well known companies and brands •Some 500 million users •Written in C •More than 40 bindings - for every language you can think of
TLS in libcurl •supports 10 different TLS back-ends •They differ in platform support, footprint, features, license and performance •Designed to be almost invisible to the user •Allows applications to add TLS secured transfers to their applications with no effort •libcurl itself often built upon by other layers
The libcurl usage mistake #1 Reminder unauthenticated TLS is not secure
The libcurl usage mistake #1 “Verify peer” and “verify host” •“but I just want encryption” •“but I can't afford a certificate” •“but it is annoying to my users” •“but it works just fine even if I disable it” •“but I don't need a client certificate”
TLS obstacles Over time, the course gets harder The large set of obstacles are increasing and becoming harder to climb TLS-fronting applications need to care
The TLS obstacle course SSLv2 SSLv3 < TLS1.2 BEAST CRIMERC4 MD5 Broken CAs Wildcard matching Verify cert Profit! ???
CA cert bundle Needed to verify server cert Which Certificate Authorities do you trust? Did you edit your CA cert bundle today? The curl site offers a bundle converted from Mozilla sources Maintaining an own set is lots of work
No end to TLS in sight •TCP improvements are discussed •TLS improvements are discussed •TCP replacements are discussed •CA and cert improvements are discussed •TLS replacements are not discussed •HTTP improvements are discussed...
http2 •http2 is the new HTTP, arriving late 2014 •not yet set in stone •changes the over-the-wire data format •same old http:// and https:// URLs
Will http2 fix HTTPS? •attempts were made to make TLS mandatory •fought by proxies, small-products and “surveillance friendly” parties •pushed by user-centric browser vendors •Firefox and Chrome will only do http2 over TLS •IE will do plain-text
Opportunistic TLS •Alt-Svc: and ALTSVC •“You can also find this content over here =>” •Optional •Allows http:// over TLS! •Debated
Future •Further TLS obstacles and problems •TLS 1.3 •DANE •tcpcrypt
Thank you!
Learn more! •curl and libcurl: http://curl.haxx.se/ •http2 explained: http://daniel.haxx.se/http2 •Curl's TLS support compared: http://curl.haxx.se/docs/ssl-compared.html
Doing good is part of our code

Recommended

NATS - A new nervous system for distributed cloud platforms
NATS - A new nervous system for distributed cloud platformsNATS - A new nervous system for distributed cloud platforms
NATS - A new nervous system for distributed cloud platforms
Derek Collison
 
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weaveworks
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016
wallyqs
 
Micro on NATS - Microservices with Messaging
Micro on NATS - Microservices with MessagingMicro on NATS - Microservices with Messaging
Micro on NATS - Microservices with Messaging
Apcera
 
Dockercon plugins session
Dockercon plugins sessionDockercon plugins session
Dockercon plugins session
Weaveworks
 
HTML5, HTTP2, and You 1.1
HTML5, HTTP2, and You 1.1HTML5, HTTP2, and You 1.1
HTML5, HTTP2, and You 1.1
Daniel Austin
 
Cooking with Chef
Cooking with ChefCooking with Chef
Cooking with Chef
m_richardson
 

Recommended

NATS - A new nervous system for distributed cloud platforms
NATS - A new nervous system for distributed cloud platformsNATS - A new nervous system for distributed cloud platforms
NATS - A new nervous system for distributed cloud platforms
Derek Collison
 
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weave - Containers Across Clouds - Edinburgh Docker Meetup, July 2015
Weaveworks
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016NATS + Docker meetup talk Oct - 2016
NATS + Docker meetup talk Oct - 2016
wallyqs
 
Micro on NATS - Microservices with Messaging
Micro on NATS - Microservices with MessagingMicro on NATS - Microservices with Messaging
Micro on NATS - Microservices with Messaging
Apcera
 
Dockercon plugins session
Dockercon plugins sessionDockercon plugins session
Dockercon plugins session
Weaveworks
 
HTML5, HTTP2, and You 1.1
HTML5, HTTP2, and You 1.1HTML5, HTTP2, and You 1.1
HTML5, HTTP2, and You 1.1
Daniel Austin
 
Cooking with Chef
Cooking with ChefCooking with Chef
Cooking with Chef
m_richardson
 
A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
Weaveworks
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
antitree
 
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data PlatformDevoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
Publicis Sapient Engineering
 
HTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays ParisHTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays Paris
Quentin Adam
 
GoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at ApceraGoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at Apcera
Derek Collison
 
High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014
Derek Collison
 
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Grant Norwood
 
Http/2
Http/2Http/2
Http/2
Adrian Cardenas
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012
Cloudflare
 
Microservices Without the Hassle
Microservices Without the HassleMicroservices Without the Hassle
Microservices Without the Hassle
Fintan Ryan
 
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
PHP Conference Argentina
 
Introduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server SolutionIntroduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server Solution
ZhangHuangbin
 
What's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud PlatformsWhat's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud Platforms
Derek Collison
 
Twitter Fatcache
Twitter FatcacheTwitter Fatcache
Twitter Fatcache
its_skm
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
EPAM_Systems_Bulgaria
 
Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systems
Vsevolod Stakhov
 
Everybody runs this code all the time
Everybody runs this code all the timeEverybody runs this code all the time
Everybody runs this code all the time
Daniel Stenberg
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016
Daniel Stenberg
 
Internet all the things - curl everywhere!
Internet all the things - curl everywhere!Internet all the things - curl everywhere!
Internet all the things - curl everywhere!
Daniel Stenberg
 
HTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmHTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks Stockholm
Daniel Stenberg
 
TLS
TLSTLS
TLS
Daniel Stenberg
 

More Related Content

What's hot

A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
Weaveworks
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
antitree
 
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data PlatformDevoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
Publicis Sapient Engineering
 
HTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays ParisHTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays Paris
Quentin Adam
 
GoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at ApceraGoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at Apcera
Derek Collison
 
High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014
Derek Collison
 
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Grant Norwood
 
Http/2
Http/2Http/2
Http/2
Adrian Cardenas
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012
Cloudflare
 
Microservices Without the Hassle
Microservices Without the HassleMicroservices Without the Hassle
Microservices Without the Hassle
Fintan Ryan
 
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
PHP Conference Argentina
 
Introduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server SolutionIntroduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server Solution
ZhangHuangbin
 
What's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud PlatformsWhat's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud Platforms
Derek Collison
 
Twitter Fatcache
Twitter FatcacheTwitter Fatcache
Twitter Fatcache
its_skm
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
EPAM_Systems_Bulgaria
 

What's hot (16)

A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015A 5 Minute Intro To Weave - Software Circus July 2015
A 5 Minute Intro To Weave - Software Circus July 2015
 
Laverna vs etherpad
Laverna vs etherpadLaverna vs etherpad
Laverna vs etherpad
 
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data PlatformDevoxx fr 2016 - Apache Kafka - Stream Data Platform
Devoxx fr 2016 - Apache Kafka - Stream Data Platform
 
HTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays ParisHTTP/2 : why upgrading the web? - apidays Paris
HTTP/2 : why upgrading the web? - apidays Paris
 
GoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at ApceraGoSF Summerfest - Why Go at Apcera
GoSF Summerfest - Why Go at Apcera
 
High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014High Performance Systems in Go - GopherCon 2014
High Performance Systems in Go - GopherCon 2014
 
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
Cluster Fudge: Recipes for WordPress in the Cloud (WordCamp Austin 2014 Speaker)
 
Http/2
Http/2Http/2
Http/2
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012
 
Microservices Without the Hassle
Microservices Without the HassleMicroservices Without the Hassle
Microservices Without the Hassle
 
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
2013 - Igor Sysoev - NGINx: origen, evolución y futuro - PHP Conference Argen...
 
Introduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server SolutionIntroduce iRedMail Open Source Mail Server Solution
Introduce iRedMail Open Source Mail Server Solution
 
What's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud PlatformsWhat's beyond Virtualization - The Future of Cloud Platforms
What's beyond Virtualization - The Future of Cloud Platforms
 
Twitter Fatcache
Twitter FatcacheTwitter Fatcache
Twitter Fatcache
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
Tech Talks_04.07.15_Session 4_Vladimir Iliev_Inter-thread Messaging With Disr...
 

Viewers also liked

Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systems
Vsevolod Stakhov
 
Everybody runs this code all the time
Everybody runs this code all the timeEverybody runs this code all the time
Everybody runs this code all the time
Daniel Stenberg
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016
Daniel Stenberg
 
Internet all the things - curl everywhere!
Internet all the things - curl everywhere!Internet all the things - curl everywhere!
Internet all the things - curl everywhere!
Daniel Stenberg
 
HTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmHTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks Stockholm
Daniel Stenberg
 
TLS
TLSTLS
TLS
Daniel Stenberg
 
HTTPS Överallt
HTTPS ÖveralltHTTPS Överallt
HTTPS Överallt
Daniel Stenberg
 

Viewers also liked (7)

Cryptography and secure systems
Cryptography and secure systemsCryptography and secure systems
Cryptography and secure systems
 
Everybody runs this code all the time
Everybody runs this code all the timeEverybody runs this code all the time
Everybody runs this code all the time
 
HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016HTTP/2 Update - FOSDEM 2016
HTTP/2 Update - FOSDEM 2016
 
Internet all the things - curl everywhere!
Internet all the things - curl everywhere!Internet all the things - curl everywhere!
Internet all the things - curl everywhere!
 
HTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks StockholmHTTP/2 - for TCP/IP Geeks Stockholm
HTTP/2 - for TCP/IP Geeks Stockholm
 
TLS
TLSTLS
TLS
 
HTTPS Överallt
HTTPS ÖveralltHTTPS Överallt
HTTPS Överallt
 

Similar to curl and TLS #MeraKrypto

OpenSSL
OpenSSLOpenSSL
OpenSSL
Timbal Mayank
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
Carlos Martinez Cagnazzo
 
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Ontico
 
Масштабируя TLS
Масштабируя TLSМасштабируя TLS
Масштабируя TLS
Qrator Labs
 
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
Deploy360 Programme (Internet Society)
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
SSL247®
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
Maarten Smeets
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
Gabriella Davis
 
Vital Aspects of SSL Support in MySQL
Vital Aspects of SSL Support in MySQLVital Aspects of SSL Support in MySQL
Vital Aspects of SSL Support in MySQL
Lesa Cote
 
ION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLSION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLS
Deploy360 Programme (Internet Society)
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
Arash Ramez
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
Olle E Johansson
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
Luis Grangeia
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
Tiago Mendo
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)
Zoompf
 
ION Santiago: Lock It Up: TLS for Network Operators
ION Santiago: Lock It Up: TLS for Network OperatorsION Santiago: Lock It Up: TLS for Network Operators
ION Santiago: Lock It Up: TLS for Network Operators
Deploy360 Programme (Internet Society)
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
wolfSSL
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOH
APNIC
 
ION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network OperatorsION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network Operators
Deploy360 Programme (Internet Society)
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
ssuserec53e73
 

Similar to curl and TLS #MeraKrypto (20)

OpenSSL
OpenSSLOpenSSL
OpenSSL
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
 
Масштабируя TLS
Масштабируя TLSМасштабируя TLS
Масштабируя TLS
 
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Vital Aspects of SSL Support in MySQL
Vital Aspects of SSL Support in MySQLVital Aspects of SSL Support in MySQL
Vital Aspects of SSL Support in MySQL
 
ION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLSION Sri Lanka - DANE: The Future of TLS
ION Sri Lanka - DANE: The Future of TLS
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)
 
ION Santiago: Lock It Up: TLS for Network Operators
ION Santiago: Lock It Up: TLS for Network OperatorsION Santiago: Lock It Up: TLS for Network Operators
ION Santiago: Lock It Up: TLS for Network Operators
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOH
 
ION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network OperatorsION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network Operators
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 

More from Daniel Stenberg

curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024
Daniel Stenberg
 
trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
Daniel Stenberg
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
Daniel Stenberg
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
Daniel Stenberg
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
Daniel Stenberg
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
Daniel Stenberg
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
Daniel Stenberg
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
Daniel Stenberg
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
Daniel Stenberg
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
Daniel Stenberg
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
Daniel Stenberg
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
Daniel Stenberg
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
Daniel Stenberg
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
Daniel Stenberg
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
Daniel Stenberg
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
Daniel Stenberg
 

More from Daniel Stenberg (20)

curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024
 
rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024
 
trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024
 
curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024
 
The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024
 
mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
 

Recently uploaded

Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 

Recently uploaded (20)

Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 

curl and TLS #MeraKrypto

  • 1. #MeraKrypto TLS and curl Daniel Stenberg, April 29th 2014
  • 3. Daniel Stenberg Email: daniel@haxx.se Twitter: @bagder Web: daniel.haxx.se Blog: daniel.haxx.se/blog network hacker at
  • 4. Please ask! Feel free to interrupt and ask at any time!
  • 5. If I say SSL I mean TLS I tend to use the terms interchangeably
  • 6. curl • curl is a tool I made • born around 1998 • widely used for REST, downloads, scripted transfers and more • I expect everyone here to already know about it! • Added TLS support 1999 • Uses TLS for HTTPS, FTPS, POP3S, IMAPS, SMTPS, LDAPS and RTMPS • 100% free and open source - join us!
  • 7. libcurl 2014 •The engine of the curl tool •The world's most used, most portable and most feature complete URL transfer library •Empowers cars, set-top boxes, printers, routers, Bluray players, TV sets, phones, tablets, games, web sites and a bus load of other use case. •Used by hundreds of well known companies and brands •Some 500 million users •Written in C •More than 40 bindings - for every language you can think of
  • 8. TLS in libcurl •supports 10 different TLS back-ends •They differ in platform support, footprint, features, license and performance •Designed to be almost invisible to the user •Allows applications to add TLS secured transfers to their applications with no effort •libcurl itself often built upon by other layers
  • 9. The libcurl usage mistake #1 Reminder unauthenticated TLS is not secure
  • 10.
  • 11. The libcurl usage mistake #1 “Verify peer” and “verify host” •“but I just want encryption” •“but I can't afford a certificate” •“but it is annoying to my users” •“but it works just fine even if I disable it” •“but I don't need a client certificate”
  • 12. TLS obstacles Over time, the course gets harder The large set of obstacles are increasing and becoming harder to climb TLS-fronting applications need to care
  • 13. The TLS obstacle course SSLv2 SSLv3 < TLS1.2 BEAST CRIMERC4 MD5 Broken CAs Wildcard matching Verify cert Profit! ???
  • 14. CA cert bundle Needed to verify server cert Which Certificate Authorities do you trust? Did you edit your CA cert bundle today? The curl site offers a bundle converted from Mozilla sources Maintaining an own set is lots of work
  • 15. No end to TLS in sight •TCP improvements are discussed •TLS improvements are discussed •TCP replacements are discussed •CA and cert improvements are discussed •TLS replacements are not discussed •HTTP improvements are discussed...
  • 16. http2 •http2 is the new HTTP, arriving late 2014 •not yet set in stone •changes the over-the-wire data format •same old http:// and https:// URLs
  • 17. Will http2 fix HTTPS? •attempts were made to make TLS mandatory •fought by proxies, small-products and “surveillance friendly” parties •pushed by user-centric browser vendors •Firefox and Chrome will only do http2 over TLS •IE will do plain-text
  • 18. Opportunistic TLS •Alt-Svc: and ALTSVC •“You can also find this content over here =>” •Optional •Allows http:// over TLS! •Debated
  • 19. Future •Further TLS obstacles and problems •TLS 1.3 •DANE •tcpcrypt
  • 21. Learn more! •curl and libcurl: http://curl.haxx.se/ •http2 explained: http://daniel.haxx.se/http2 •Curl's TLS support compared: http://curl.haxx.se/docs/ssl-compared.html
  • 22. Doing good is part of our code