1
Managing the SSL Process
Nik Kesic
Principal Technical Support Engineer
2
Credits and Acknowledgements
Presenters
• Nik Kesic, Principal Technical Support Engineer
Developers
• Nik Kesic, Principal Technical Support Engineer
• Jing Cui, Principal Software Engineer
• John Jenkins, Senior Technical Support Engineer
©2015 Rocket Software, Inc. All Rights Reserved.
3
Abstract
▪ An unusual number of recent news articles spotlighting SSL security flaws, including Heartbleed, POODLE, and FREAK, has forced major security policy changes in communication software and compliance standards. To meet future security challenges and continue doing business, this session will highlight how the Rocket MV product family can help you fortify your data communications and meet the compliance requirements of today and tomorrow.
4
Agenda
SSL
Vulnerabilities
Trends/Industry standards
U2 products & features
Call for action
Summary
Resources
5
MV Security Model
ADE SSL HADR SSO
PKI AUDIT HIPAA PCI
6
SSL
7
SSL Agenda
Application model
Unsecure communication
What is SSL?
Why do we need SSL?
How SSL works
How is SSL supported in U2?
Certificate generation
Digital certificates
Security Context Record (SCR)
XAdmin: Managing SCR and U2 services
8
Hypothetical Application Model
@ID 104357
FNAME John
LNAME Doe
ADDRESS 4600 S Ulster St
CITY Denver
STATE CO
ZIP 80237
PHONE 800-426-4357
DOB 12/31/1967
SSN 123-45-6789
Client
Application
U2
Server
Extranet
Internet
U2
Server
Telnet
Client
Intranet
Firewall
U2 Web
Service
9
Connect
Connection Accepted
Login: myuser
MyUser01
Password: mypassword
You are logged in
Customer Data
Unirpc/telnet protocol
Client / Server: Unsecured Communication
10
What is SSL?
Protocol that provides privacy and reliability between
two communicating applications
U2 supports SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
• SSL (Secure Sockets Layer)
  ▪ V2, V3: No longer recommended
• TLS (Transport Layer Security)
  ▪ IETF standard, improvement on SSLv3
  ▪ V1.0 no longer recommended
  ▪ V1.1 recommended
  ▪ V1.2 recommended
11
SSL higher layer
SSL record layer
What is SSL?
Protocol layer
• Higher layer is used to encapsulate various application level protocols
• Record layer layered on top of a reliable transport protocol (TCP)
LDAP FTP Telnet HTTP
IP
TCP
OTHER PROTOCOL LAYERS
SSL/TLS
12
Why Do We Need SSL?
Goals of communication security
• Confidentiality
  ▪ Problem: Anyone can see clear text
  ▪ Solution: Encrypt the text
• Message Integrity
  ▪ Problem: Someone might alter the data
  ▪ Solution: Guarantee the message block is original
• Endpoint Authentication
  ▪ Problem: Not sure who you are talking with
  ▪ Solution: Ensure the communication end point is the intended target
13
Client / Server: Secure Communication
Client Hello
Server Hello
Key Exchange
Cipher Suite Negotiation
Get Data
Data Transfer
Secure Data Transfer
SSL Handshake / SSL Data Transfer
Unirpc svc name
Data Transfer
Secure credentials
14
How Is SSL Supported in U2?
Server products
• Basic engine – BASIC Extensions
  ▪ Secure Sockets
  ▪ Secure CallHTTP (HTTPS)
  ▪ Secure SOAP
• Telnet server
• Unirpc services
15
How Is SSL Supported in U2?
Client products
• UOJ, UniJDBC, UniOLEDB, ODBC drivers, UniObjects
• SBClient
• wIntegrate
• U2 Web Services – REST and SOAP
• UODOTNET
• U2 Web DE: 5.x
• U2 Toolkit
• U2 DBT resource view
• SB/XA
16
How Is SSL Supported in U2?
Underlying technology for U2 SSL
• OpenSSL: for engine & telnet/UniObject/UniODBC/SBClient/wIntegrate
• JSSE: for UOJ, UniJDBC & U2 Web Services
• sslStream: for .NET Clients & SB/XA
17
Digital Certificates
SHA1 now being discontinued
SHA2 making its presence known
Upgrade is important to meet the SHA2 presence
18
U2 Certificate Management
XAdmin
• Two-step process
  ▪ Generate a Certificate Signing Request (CSR) using XAdmin, BASIC, or Java keytool
  ▪ Obtain the certificate
• Two ways to obtain a certificate
  ▪ Provide CSR to a third-party Certificate Authority (CA)
    o Recommended for production environment
  ▪ Use XAdmin to generate certificate
    o Suitable for development environment or “closed world”
• Four types of certificate stores
  ▪ OS-level files
  ▪ Java key store
  ▪ Windows Certificate Store
  ▪ U2 Root Certificate Store
19
Java Certificate Management
keytool
• Performs similar tasks to XAdmin SSL Configure
  ▪ Certificate request (certreq)
  ▪ Import of certificates (import)
• Handles both key store and trust store
• Used for Java clients & servers
  ▪ UOJ, UniJDBC
  ▪ U2 SOAP server/Web Services Development tool
• Extracting certificates from pkcs12
20
Security Context Record (SCR)
A structure used by U2 servers to store data for
an SSL session
Holds all U2 SSL related properties
Encrypted & stored in U2 SCR store
• _SECUCTX_(for UD), &SECUCTX& (for UV)
• SCR store must exist locally in each account (not file pointer)
ODBC client products do not use SCR
• SSL Configuration Editor
21
XAdmin: Managing SCR and U2 Services
Two-step process
• Create a Security Context Record (SCR)
• Match the service to the SCR
Pre-requisites to creating a SCR
• Certificate(s)
  ▪ Server: Requires its own certificate
  ▪ Clients: Require CA-certificates to verify server
• Private key
  ▪ Servers: Required
  ▪ Clients: Optional
22
Summary for U2 SSL
▪ SSL is for data transmission security
▪ U2 supports SSL in (almost) all products
▪ Two must-know things in setting up SSL for U2
  • Certificates
    ▪ CA and certificate hierarchies
    ▪ 4 types of certificate stores
    ▪ Use of XAdmin, OpenSSL, Java keytool, SSL Editor
  • Security Context Record (SCR)
    ▪ Associates certificates/private key to a server/client
    ▪ Created by XAdmin, BASIC
▪ Troubleshooting U2 SSL problems
  • Logging is available on all servers & clients
  • U2 BASIC: ProtocolLogging()
23
Vulnerabilities, Trends, and Actions
24
Vulnerabilities
Heartbleed – patch to OpenSSL 1.0.1m
ShellShock – U2 not affected
Poodle – patch to OpenSSL 1.0.1m
Freak – patch to OpenSSL 1.0.1m
LogJam – patch to OpenSSL 1.0.1m
25
Trends & Industry Standards – Microsoft
Microsoft policy change
• Microsoft Root Certificate Program
 SHA1 not allowed after January 1, 2016
• Disabled security protocols
 SSL 3.0 will be disabled
 TLSv1.0 questionable
26
Trends & Industry Standards - Java
Oracle Java policy change
• Starting with the January 20, 2015 Critical Patch Update releases
• Java Runtime Environment has SSLv3 disabled by default
• JDK 8u31
• JDK 7u75
• JDK 6u91
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
27
Java 8 Security Protocols
Protocol   Enabled by default for Client   Enabled by default for Server
SSLv3      No                              No
TLSv1      Yes                             Yes
TLSv1.1    Yes                             Yes
TLSv1.2    Yes                             Yes
28
Trends & Industry Standards - PCI
“…SSL and early TLS are not considered strong
cryptography and cannot be used as a security control
after June 30, 2016. Prior to this date, existing
implementations that use SSL and/or early TLS must
have a formal Risk Mitigation and Migration Plan in
place. Effective immediately.”
29
Trends & Industry Standards - HIPAA
Follows NIST 800-52
• SSL v3 must not be used
• TLS v1.0 ok for interoperability with non-government
• TLS v1.1 & (TLS v1.2 recommended)
• Only recommended ciphers to be used
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
30
U2 Products and Features
31
UniData Database and Versions
6.1.x > 7.3.6
• OpenSSL 0.9.7e
• SSLv2, SSLv3, TLSv1
• SHA1
7.3.7
• OpenSSL 1.0.1m
• SSLv2, SSLv3, TLSv1
• SHA1 and SHA2
8.1.x
• OpenSSL 1.0.1m
• SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
• SHA1 and SHA2
• Enhanced CRL
• Windows release can enable or disable non-secure telnet
32
UniVerse Database and Versions
11.1.x > 10.1.15
• OpenSSL 0.9.7e
• SSLv2, SSLv3, TLSv1
• SHA1
11.2.0
• OpenSSL 1.0.1c
• SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
• SHA1 and SHA2
11.2.0 > 11.2.4
• OpenSSL 1.0.1m
• SSLv2, SSLv3, TLSv1
• SHA1 and SHA2
11.2.5
• OpenSSL 1.0.1m
• SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
• SHA1 and SHA2
• Enhanced CRL
33
udtconfig / uvconfig
# Communication and security section
#
SSL_PROTOCOLS TLSv1,TLSv1.1,TLSv1.2
SSL_OPTIONS NO_TLS_FALLBACK_SCSV
34
uvtelnetd/udtelnetd on UNIX/Linux
/etc/inetd.conf
uvssltelnet stream tcp nowait root /disk1/uv1125/bin/uvtelnetd uvtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
udssltelnet stream tcp nowait root /disk1/ud81/bin/udtelnetd udtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
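An added example (not from the original deck or from Rocket's tooling): a Python audit of the two settings shown on the slides above, the SSL_PROTOCOLS line in udtconfig/uvconfig and the -P list on uvtelnetd/udtelnetd lines in inetd.conf, checked against the protocol guidance on the deck's own standards slides. The sample inputs are constructed from the slide text (the second inetd line is tightened for contrast), and the FAIL/WARN severity mapping is an assumption.

```python
import re

# Severity mapping is an assumption drawn from the deck's slides:
# SSLv2/SSLv3 "no longer recommended" / "must not be used" -> FAIL,
# TLS 1.0 ("tlsv1") is "early TLS" -> WARN, TLSv1.1/TLSv1.2 are recommended.
DEPRECATED = {
    "sslv2": ("FAIL", "deprecated protocol enabled: "),
    "sslv3": ("FAIL", "deprecated protocol enabled: "),
    "tlsv1": ("WARN", "early TLS enabled: "),
}
RECOMMENDED = ("tlsv1.1", "tlsv1.2")
TELNET_DAEMONS = ("uvtelnetd", "udtelnetd")


def split_protocols(value):
    """Split 'TLSv1,TLSv1.1' (config style) or 'sslv3+tlsv1' (-P style)."""
    return [p.lower() for p in re.split(r"[,+\s]+", value.strip()) if p]


def check_protocols(where, value):
    """Return (where, severity, message) findings for one protocol list."""
    findings = []
    protos = split_protocols(value)
    for p in protos:
        if p in DEPRECATED:
            severity, prefix = DEPRECATED[p]
            findings.append((where, severity, prefix + p))
        elif p not in RECOMMENDED:
            findings.append((where, "WARN", "unrecognised protocol token: " + p))
    if not any(p in RECOMMENDED for p in protos):
        findings.append(
            (where, "FAIL", "no recommended protocol (TLSv1.1/TLSv1.2) enabled"))
    return findings


def audit_u2config(text, name="uvconfig"):
    """Audit SSL_PROTOCOLS lines in udtconfig/uvconfig-style text."""
    findings = []
    seen = False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0] == "SSL_PROTOCOLS":
            seen = True
            value = parts[1] if len(parts) > 1 else ""
            findings += check_protocols("%s:%d" % (name, n), value)
    if not seen:
        findings.append(
            (name, "WARN", "SSL_PROTOCOLS not set; protocol list is not pinned"))
    return findings


def audit_inetd(text, name="inetd.conf"):
    """Audit the -P protocol list on uvtelnetd/udtelnetd service lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        # inetd.conf fields: service type proto wait user program argv0 [args...]
        if len(fields) < 7 or fields[5].rsplit("/", 1)[-1] not in TELNET_DAEMONS:
            continue
        where = "%s:%d(%s)" % (name, n, fields[0])
        args = fields[7:]
        if "-P" in args and args.index("-P") + 1 < len(args):
            findings += check_protocols(where, args[args.index("-P") + 1])
        else:
            findings.append((where, "WARN", "no -P protocol list on this service line"))
    return findings


# Constructed sample input, based on the udtconfig/uvconfig slide.
SAMPLE_CONFIG = """\
# Communication and security section
#
SSL_PROTOCOLS TLSv1,TLSv1.1,TLSv1.2
SSL_OPTIONS NO_TLS_FALLBACK_SCSV
"""

# Constructed sample input: first line as on the slide, second line tightened.
SAMPLE_INETD = """\
uvssltelnet stream tcp nowait root /disk1/uv1125/bin/uvtelnetd uvtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
udssltelnet stream tcp nowait root /disk1/ud81/bin/udtelnetd udtelnetd -d 3 -P tlsv1.1+tlsv1.2
"""

if __name__ == "__main__":
    for finding in audit_u2config(SAMPLE_CONFIG) + audit_inetd(SAMPLE_INETD):
        print("%-28s %-4s %s" % finding)
```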
35
uvtelnetd/udtelnetd Registry on Windows
36
U2 Clients - Programming
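using U2.Data.Client;
…
U2ConnectionStringBuilder conn_bldr = new U2ConnectionStringBuilder();
…
// Restrict the client to TLS 1.2
conn_bldr.SslProtocols = "Tls12";
// Certificate revocation list (CRL) check; false turns the check off
conn_bldr.SslCheckCertificateRevocation = false;
// Common name vs. server name check; true ignores a mismatch
conn_bldr.SslIgnoreCertificateNameMismatch = true;
// Root trust store chain check; true accepts an incomplete chain
conn_bldr.SslIgnoreIncompleteCertificateChain = true;
// The three values above relax certificate validation; to enforce
// each check, set them to true, false and false respectively.
…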
37
UODOTNET- Programming
38
U2 Clients - ODBC
U2 ODBC MSI Installer (32-bit/64-bit)
New Registry Items
• We have added SSL_PROTOCOLS REG_SZ TLSv1.1,TLSv1.2
• We have added SSL_OPTIONS REG_SZ TLS_FALLBACK_SCSV
39
U2 Clients - ODBC
U2 ODBC MSI installer (32-bit/64-bit)
New registry items
• SSL_PROTOCOLS REG_SZ TLSv1.1,TLSv1.2
• SSL_OPTIONS REG_SZ TLS_FALLBACK_SCSV
40
U2 Clients - ODBC
41
XAdmin 4.x.x
Manages
• Secure Socket Layer (SSL)
• Audit
• Advanced Data Encryption
Menus support all new features in UniData 8.1.0 and
UniVerse 11.2.5
Secure “Resource View”
42
Root Certificate Store
Takes away the mystery and complexity
Secure CallHTTP and SOAP programming is
simpler
RCS is based on the Java 1.7 cacerts file
Updating the .u2rcs repository is a regular administration task
43
Root Certificate Store Manager
▪ The rcsman utility manages the U2 Root Certificate Store
▪ rcsman commands
  • List
  • Import
  • Export
  • Delete
  • Change password
  • Help
default certificate store file = .u2rcs
44
Exporting Windows Trusted Root Certificates
45
Root Certificate Store Import
46
PKCS#12 / pfx Support
▪ addCertificate(certPath, usedAs, format, algorithm, context, p12pass)
▪ setPrivateKey(key, format, keyLoc, passPhrase, validate, context, p12pass)
▪ analyzeCertificate(cert, format, result, p12pass)
▪ SIGNATURE(algorithm, action, data, dataLoc, key, keyLoc, keyFmt, pass, sigIn, result, p12pass)
▪ SSL property lists
▪ U2 Root Certificate Store
▪ rcsman utility
▪ XAdmin
47
.unisecurity
cat .unisecurity
uvtelnetd /disk1/uv1125/HS.SALES mysha1 "password"
udtelnetd /disk1/ud81/demo mysha1 "password"
# cat .unisecurity
N0lIclNYcTNWV2gxaGdVMnNkU2FsdF+7g0V3hwz+IeGxZ7oT/LFLwESiBqQtYZnnkO2OJW8
HzSfe3v7IX1qMRa8Ry0bxiSeOK5CJzsDFRUku8sxKUqQM8U61ZwdrJpnfwdpwsCHxVsTKl+
P59WevZHO0vVHxWe/Scpt0SHVBHSDSCJh7chOmhg8yuzUI3Ho4iA/0me3v/mYRugFXHcze
YpUkVqmzLL5jTU68qG2c#
48
.unisecurity - XAdmin
49
.unisecurity – secuconf Command
secuconf
• The secuconf command is used to encrypt, decrypt, or modify the information in the .unisecurity file
• secuconf {-encrypt|-decrypt|-retag|-edit|-isencrypted} [-pass password|-newpass new password|-out outfile|-log logfile|-editor editor|-tag] cfgfile
50
wIntegrate 6.3.7
51
SBClient 6.3.3
52
U2 DBTools Resource View
53
Tips
Ciphers
• -cipher RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
• HIGH:!aNULL:!MD5:!EXP
OpenSSL command line tool
• OpenSSL s_server …
• OpenSSL s_client …
54
Certificate Management Tool - CMT
These statements represent Rocket Software’s current intentions. Rocket development plans are subject to change or withdrawal without further notice.
Any reliance on these statements is at the relying party’s sole risk and will not create any liability or obligation for Rocket
55
CMT– What It Does
Convert files between PKCS#12 (pfx) and PKCS#8 (pem)
Test SSL connections as client or server or both
Create Java Key Store (JKS)
Import and export in JKS
View certificates in pfx, pem, jks
56
CMT Get from GitHub
Create certificate request
Create self-signed certificate
Create JKS
Fire up SSL server using self-signed
Fire up SSL client and communicate with the server
57
Call for Action - Upgrade
UniVerse and UniData using OpenSSL 1.0.1m
• UniVerse 11.2.4
• UniVerse 11.2.5 Strongly Preferred
• UniData 7.3.7
• UniData 8.1.0 Strongly Preferred
58
Call for Action - Upgrade
wIntegrate 6.3.7
SBClient 6.3.3
ODBC 32/64 bit build UCC-3156
U2 Client Toolkit
• U2 Data Client
• UODOTNET
U2 DB TOOLS 4.x
59
Summary
▪ Data confidentiality, integrity, and availability are under pressure
▪ Advanced Persistent Threat (APT)
▪ Compliance with security auditing is a necessity and is complex
▪ Upgrading is more urgent than ever to meet compliance
▪ Rocket Software is committed to meeting the technical security challenges and changes
60
A Look into the Future
TLSv1.3 – RFC-5246
• As of September 2015, TLS 1.3 is a working draft
• Based on the earlier TLS 1.2 specification
SHA3 (Secure Hash Algorithm 3)
• SHA-3 is not meant to replace SHA-2, as no significant attack on SHA-2 has been demonstrated
• The SHA-3 standard was released by NIST on August 5, 2015
61
Additional Resources
▪ Find further information
  • U2 documentation http://www.rocketsoftware.com/resource/u2-technical-documentation
▪ Links
  • https://www.rocketsoftware.com
  • https://technet.microsoft.com/
  • https://www.oracle.com
  • https://openssl.org
  • https://www.hhs.gov
  • http://www.rocketsoftware.com/training-and-professional-services/rocket-u2
▪ Contacts
  • u2askus@rocketsoftware.com
  • u2support@rocketsoftware.com
62
Disclaimer
THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.
WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED
IN THIS PRESENTATION, IT IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
IN ADDITION, THIS INFORMATION IS BASED ON ROCKET SOFTWARE’S CURRENT PRODUCT PLANS AND STRATEGY,
WHICH ARE SUBJECT TO CHANGE BY ROCKET SOFTWARE WITHOUT NOTICE.
ROCKET SOFTWARE SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR
OTHERWISE RELATED TO, THIS PRESENTATION OR ANY OTHER DOCUMENTATION.
NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO, OR SHALL HAVE THE EFFECT OF:
• CREATING ANY WARRANTY OR REPRESENTATION FROM ROCKET SOFTWARE (OR ITS AFFILIATES OR ITS OR
THEIR SUPPLIERS AND/OR LICENSORS); OR
• ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT GOVERNING THE USE OF
ROCKET SOFTWARE.
63
Trademarks and Acknowledgements
The trademarks and service marks identified in the following list are the exclusive properties of Rocket Software,
Inc. and its subsidiaries (collectively, “Rocket Software”). These marks are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration in other countries. Not all trademarks owned by
Rocket Software are listed. The absence of a mark from this page neither constitutes a waiver of any intellectual
property rights that Rocket Software has established in its marks nor means that Rocket Software is not owner of
any such marks.
Aldon, CorVu, Dynamic Connect, D3, FlashConnect, Pick, mvBase, MvEnterprise, NetCure,
Rocket, SystemBuilder, U2, U2 Web Development Environment, UniData, UniVerse, and
wIntegrate
Other company, product, and service names mentioned herein may be trademarks or service marks of
others.
64


Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 

Recently uploaded (20)

Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 

Managing the SSL Process

  • 1. 1 Managing the SSL Process Nik Kesic Principal Technical Support Engineer
  • 2. 2 Credits and Acknowledgements Presenters • Nik Kesic, Principal Technical Support Engineer Developers • Nik Kesic, Principal Technical Support Engineer • Jing Cui, Principal Software Engineer • John Jenkins, Senior Technical Support Engineer ©2015 Rocket Software, Inc. All Rights Reserved.
  • 3. 3 Abstract An unusual number of recent news articles spotlighting SSL security flaws including HeartBleed, POODLE, and FREAK, has forced major security policy changes in communication software and compliance standards. In order to meet the future security challenges, and to continue providing business, this session will highlight how Rocket MV product family can help you to fortify your data communications, and meet compliance requirements of today and tomorrow. ©2015 Rocket Software, Inc. All Rights Reserved.
  • 4. 4 Agenda ©2015 Rocket Software, Inc. All Rights Reserved.
      • SSL
      • Vulnerabilities
      • Trends/Industry standards
      • U2 products & features
      • Call for action
      • Summary
      • Resources
  • 5. 5 MV Security Model ©2015 Rocket Software, Inc. All Rights Reserved. ADE, SSL, HADR, SSO, PKI, AUDIT, HIPAA, PCI
  • 7. 7 SSL Agenda
      • Application model
      • Unsecure communication
      • What is SSL?
      • Why do we need SSL?
      • How SSL works
      • How is SSL supported in U2?
      • Certificate generation
      • Digital certificates
      • Security Context Record (SCR)
      • XAdmin: Managing SCR and U2 services
  • 8. 8 Hypothetical Application Model
      Record shown on the slide:
        @ID 104357
        FNAME John
        LNAME Doe
        ADDRESS 4600 S Ulster St
        CITY Denver
        STATE CO
        ZIP 80237
        PHONE 800-426-4357
        DOB 12/31/1967
        SSN 123-45-6789
      Diagram labels: Client Application, U2 Server, Extranet, Internet, U2 Server, Telnet Client, Intranet, Firewall, U2 Web Service
  • 9. 9 Client / Server: Unsecured Communication
      Diagram labels (Unirpc/telnet protocol): Connect; Connection Accepted; Login: myuser; MyUser01; Password: mypassword; You are logged in; Customer Data
  • 10. 10 What is SSL?
      Protocol that provides privacy and reliability between two communicating applications
      U2 supports SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
      • SSL (Secure Sockets Layer)
          - V2, V3: No longer recommended
      • TLS (Transport Layer Security)
          - IETF standard, improvement on SSLv3
          - V1.0 no longer recommended
          - V1.1 recommended
          - V1.2 recommended
  • 11. 11 What is SSL? Protocol layer
      • Higher layer is used to encapsulate various application level protocols
      • Record layer layered on top of a reliable transport protocol (TCP)
      Diagram labels: LDAP, FTP, Telnet, HTTP; SSL higher layer; SSL record layer; SSL/TLS; TCP; IP; other protocol layers
  • 12. 12 Why Do We Need SSL? Goals of communication security
      • Confidentiality
          - Problem: Anyone can see clear text
          - Solution: Encrypt the text
      • Message Integrity
          - Problem: Someone might alter the data
          - Solution: Guarantee the message block is original
      • Endpoint Authentication
          - Problem: Not sure who you are talking with
          - Solution: Ensure the communication end point is the intended target
  • 13. 13 Client / Server: Secure Communication
      Diagram labels: Client Hello; Server Hello; Key Exchange; Cipher Suite Negotiation; Get Data; Data Transfer; Secure Data Transfer; SSL Handshake; SSL Data Transfer; Unirpc svc name; Data Transfer; Secure credentials
  • 14. 14 How Is SSL Supported in U2? Server products
      • Basic engine – BASIC Extensions
          - Secure Sockets
          - Secure CallHTTP (HTTPS)
          - Secure Soap
      • Telnet server
      • Unirpc services
  • 15. 15 How Is SSL Supported in U2? Client products • UOJ, UniJDBC, UniOLEDB, ODBC drivers, UniObjects • SBClient • wIntegrate • U2 Web Services – REST and SOAP • UODOTNET • U2 Web DE: 5.x • U2 Toolkit • U2 DBT resource view • SB/XA
  • 16. 16 How Is SSL Supported in U2? Underlying technology for U2 SSL • OpenSSL: for engine & telnet/UniObject/UniODBC/SBClient/wIntegrate • JSSE: for UOJ, UniJDBC & U2 Web Services • sslStream: for .NET Clients & SB/XA
  • 17. 17 Digital Certificates SHA1 now being discontinued SHA2 making its presence known Upgrade is important to meet the SHA2 presence ©2015 Rocket Software, Inc. All Rights Reserved.
  • 18. 18 U2 Certificate Management XAdmin
      • Two-step process
          - Generate a Certificate Signing Request (CSR) using XAdmin, BASIC, or Java keytool
          - Obtain the certificate
      • Two ways to obtain a certificate
          - Provide CSR to a third-party Certificate Authority (CA)
              o Recommended for production environment
          - Use XAdmin to generate certificate
              o Suitable for development environment or “closed world”
      • Four types of certificate stores
          - OS-level files
          - Java key store
          - Windows Certificate Store
          - U2 Root Certificate Store
  • 19. 19 Java Certificate Management keytool
      • Performs similar tasks to XAdmin SSL Configure
          - Certificate request (certreq)
          - Import of certificates (import)
      • Handles both key store and trust store
      • Used for Java clients & servers
          - UOJ, UniJDBC
          - U2 Soap server/Web Services Development tool
      • Extracting certificates from pkcs12
  • 20. 20 Security Context Record (SCR)
      A structure used by U2 servers to store data for an SSL session
      Holds all U2 SSL related properties
      Encrypted & stored in U2 SCR store
      • _SECUCTX_ (for UD), &SECUCTX& (for UV)
      • SCR store must exist locally in each account (not file pointer)
      ODBC client products do not use SCR
      • SSL Configuration Editor
  • 21. 21 XAdmin: Managing SCR and U2 Services
      Two-step process
      • Create a Security Context Record (SCR)
      • Match the service to the SCR
      Pre-requisites to creating a SCR
      • Certificate(s)
          - Server: Requires its own certificate
          - Clients: Require CA-certificates to verify server
      • Private key
          - Servers: Required
          - Clients: Optional
  • 22. 22 Summary for U2 SSL
      • SSL is for data transmission security
      • U2 supports SSL in (almost) all products
      • Two must-know things in setting up SSL for U2
          - Certificates
              o CA and certificate hierarchies
              o 4 types of certificate stores
              o Use of XAdmin, OpenSSL, Java keytool, SSL Editor
          - Security Context Record (SCR)
              o Associates certificates/private key to a server/client
              o Created by XAdmin, BASIC
      • Troubleshooting U2 SSL problems
          - Logging is available on all servers & clients
          - U2 BASIC: ProtocolLogging()
  • 24. 24 Vulnerabilities Heartbleed – patch to OpenSSL 1.0.1m ShellShock – U2 not affected Poodle – patch to OpenSSL 1.0.1m Freak – patch to OpenSSL 1.0.1m LogJam – patch to OpenSSL 1.0.1m ©2015 Rocket Software, Inc. All Rights Reserved.
  • 25. 25 Trends & Industry Standards – Microsoft
      Microsoft policy change
      • Microsoft Root Certificate Program
          - SHA1 not allowed after January 1, 2016
      • Disabled security protocols
          - SSL 3.0 will be disabled
          - TLSv1.0 questionable
      ©2015 Rocket Software, Inc. All Rights Reserved.
  • 26. 26 Trends & Industry Standards - Java Oracle Java policy change • Starting with the January 20, 2015 Critical Patch Update releases • Java Runtime Environment has SSLv3 disabled by default • JDK 8u31 • JDK 7u75 • JDK 6u91 http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html ©2015 Rocket Software, Inc. All Rights Reserved.
  • 27. 27 Java 8 Security Protocols ©2015 Rocket Software, Inc. All Rights Reserved.
      Protocol   Enabled by default for Client   Enabled by default for Server
      SSLv3      No                              No
      TLSv1      Yes                             Yes
      TLSv1.1    Yes                             Yes
      TLSv1.2    Yes                             Yes
  • 28. 28 Trends & Industry Standards - PCI “…SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately.” ©2015 Rocket Software, Inc. All Rights Reserved.
  • 29. 29 Trends & Industry Standards - HIPAA Follows NIST 800-52 • SSL v3 must not be used • TLS v1.0 ok for interoperability with non-government • TLS v1.1 & (TLS v1.2 recommended) • Only recommended ciphers to be used http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf ©2015 Rocket Software, Inc. All Rights Reserved.
  • 30. 30 U2 Products and Features
  • 31. 31 UniData Database and Versions
      6.1.x > 7.3.6
        • OpenSSL 0.9.7e
        • SSLv2, SSLv3, TLSv1
        • SHA1
      7.3.7
        • OpenSSL 1.0.1m
        • SSLv2, SSLv3, TLSv1
        • SHA1 and SHA2
      8.1.x
        • OpenSSL 1.0.1m
        • SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
        • SHA1 and SHA2
        • Enhanced CRL
        • Windows release can enable or disable non-secure telnet
  • 32. 32 UniVerse Database and Versions
      11.1.x > 10.1.15
        • OpenSSL 0.9.7e
        • SSLv2, SSLv3, TLSv1
        • SHA1
      11.2.0
        • OpenSSL 1.0.1c
        • SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
        • SHA1 and SHA2
      11.2.0 > 11.2.4
        • OpenSSL 1.0.1m
        • SSLv2, SSLv3, TLSv1
        • SHA1 and SHA2
      11.2.5
        • OpenSSL 1.0.1m
        • SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2
        • SHA1 and SHA2
        • Enhanced CRL
  • 33. 33 udtconfig / uvconfig
      # Communication and security section
      #
      SSL_PROTOCOLS TLSv1,TLSv1.1,TLSv1.2
      SSL_OPTIONS NO_TLS_FALLBACK_SCSV
  • 34. 34 uvtelnetd/udtelnetd on UNIX/Linux
      /etc/inetd.conf
        uvssltelnet stream tcp nowait root /disk1/uv1125/bin/uvtelnetd uvtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
        udssltelnet stream tcp nowait root /disk1/ud81/bin/udtelnetd udtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
  • 36. 36 U2 Clients - Programming
      using U2.Data.Client;
      …
      U2ConnectionStringBuilder conn_bldr = new U2ConnectionStringBuilder();
      …
      conn_bldr.SslProtocols = "Tls12";
      // certificate revocation list check; false as shown means revocation is not checked
      conn_bldr.SslCheckCertificateRevocation = false;
      // common name vs. server name check; true as shown means a mismatch is ignored
      conn_bldr.SslIgnoreCertificateNameMismatch = true;
      // root trust store check; true as shown means an incomplete chain is accepted
      conn_bldr.SslIgnoreIncompleteCertificateChain = true;
      …
  • 38. 38 U2 Clients - ODBC U2 ODBC MSI Installer (32-bit/64-bit) New Registry Items • We have added SSL_PROTOCOLS REG_SZ TLSv1.1,TLSv1.2 • We have added SSL_OPTIONS REG_SZ TLS_FALLBACK_SCSV
  • 39. 39 U2 Clients - ODBC U2 ODBC MSI installer (32-bit/64-bit) New registry items • SSL_PROTOCOLS REG_SZ TLSv1.1,TLSv1.2 • SSL_OPTIONS REG_SZ TLS_FALLBACK_SCSV
  • 41. 41 XAdmin 4.x.x Manages • Secure Socket Layer (SSL) • Audit • Advanced Data Encryption Menus support all new features in UniData 8.1.0 and UniVerse 11.2.5 Secure “Resource View”
  • 42. 42 Root Certificate Store
      • Takes away the mystery and complexity
      • Secure CallHTTP and SOAP programming is simpler
      • RCS is based on the Java 1.7 cacerts file
      • Updating the .u2rcs repository is a regular administration task
  • 43. 43 Root Certificate Store Manager
      • The rcsman utility manages the U2 Root Certificate Store
      • rcsman commands
          - List
          - Import
          - Export
          - Delete
          - Change password
          - help
      default certificate store file = .u2rcs
  • 44. 44 Exporting Windows Trusted Root Certificates
  • 46. 46 pkcs#12 / pfx Support
      • addCertificate(certPath, usedAs, format, algorithm, context, p12pass)
      • setPrivateKey(key, format, keyLoc, passPhrase, validate, context, p12pass)
      • analyzeCertificate(cert, format, result, p12pass)
      • SIGNATURE(algorithm, action, data, dataLoc, key, keyLoc, keyFmt, pass, sigIn, result, p12pass)
      • SSL property lists
      • U2 Root Certificate Store
      • rcsman utility
      • XAdmin
  • 47. 47 .unisecurity cat .unisecurity uvtelnetd /disk1/uv1125/HS.SALES mysha1 "password" udtelnetd /disk1/ud81/demo mysha1 "password" # cat .unisecurity N0lIclNYcTNWV2gxaGdVMnNkU2FsdF+7g0V3hwz+IeGxZ7oT/LFLwESiBqQtYZnnkO2OJW8 HzSfe3v7IX1qMRa8Ry0bxiSeOK5CJzsDFRUku8sxKUqQM8U61ZwdrJpnfwdpwsCHxVsTKl+ P59WevZHO0vVHxWe/Scpt0SHVBHSDSCJh7chOmhg8yuzUI3Ho4iA/0me3v/mYRugFXHcze YpUkVqmzLL5jTU68qG2c#
  • 49. 49 .unisecurity – secuconf Command
      secuconf
      • The secuconf command is used to encrypt, decrypt, or modify the information in the .unisecurity file
      • secuconf {-encrypt|-decrypt|-retag|-edit|-isencrypted} [-pass password|-newpass new password|-out outfile|-log logfile|-editor editor|-tag] cfgfile
  • 53. 53 Tips Ciphers • -cipher RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW • HIGH:!aNULL:!MD5:!EXP OpenSSL command line tool • OpenSSL s_server … • OpenSSL s_client …
  • 54. 54 Certificate Management Tool - CMT These statements represent Rocket Software’s current intentions. Rocket development plans are subject to change or withdrawal without further notice. Any reliance on these statements is at the relying party’s sole risk and will not create any liability or obligation for Rocket
  • 55. 55 CMT– What It Does Convert files from PKCS#12(pfx) < > PKCS#8(pem) Test SSL connections as client or server or both Create Java Key Store (JKS) Import and export in JKS View certificates in pfx, pem, jks ©2015 Rocket Software, Inc. All Rights Reserved.
  • 56. 56 CMT
      • Get from GitHub
      • Create certificate request
      • Create self signed certificate
      • Create JKS
      • Fire up SSL server using self-signed
      • Fire up SSL client and communicate to server
      ©2015 Rocket Software, Inc. All Rights Reserved.
  • 57. 57 Call for Action - Upgrade UniVerse and UniData using OpenSSL 1.0.1m • UniVerse 11.2.4 • UniVerse 11.2.5 Strongly Preferred • UniData 7.3.7 • UniData 8.1.0 Strongly Preferred ©2015 Rocket Software, Inc. All Rights Reserved.
  • 58. 58 Call for Action - Upgrade wIntegrate 6.3.7 SBClient 6.3.3 ODBC 32/64 bit build UCC-3156 U2 Client Toolkit • U2 Data Client • UODOTNET U2 DB TOOLS 4.x ©2015 Rocket Software, Inc. All Rights Reserved.
  • 59. 59 Summary
      • Data confidentiality, integrity, and availability are under pressure
      • Advanced Persistent Threat (APT)
      • Compliance with security auditing is necessary and complex
      • Upgrading is more urgent than ever to meet compliance
      • Rocket Software is committed to meeting the technical security challenges and changes
  • 60. 60 A Look into the Future TLSv1.3 – RFC-5246 • September 2015, TLS 1.3 is a working draft • Based on the earlier TLS 1.2 specification SHA3 (Secure Hash Algorithm 3) • SHA-3 is not meant to replace SHA-2, as no significant attack on SHA-2 • The SHA-3 standard was released by NIST on August 5, 2015 These statements represent Rocket Software’s current intentions. Rocket development plans are subject to change or withdrawal without further notice. Any reliance on these statements is at the relying party’s sole risk and will not create any liability or obligation for Rocket
  • 61. 61 Additional Resources
      • Find further information
          - U2 documentation http://www.rocketsoftware.com/resource/u2-technical-documentation
      • Links
          - https://www.rocketsoftware.com
          - https://technet.microsoft.com/
          - https://www.oracle.com
          - https://openssl.org
          - https://www.hhs.gov
          - http://www.rocketsoftware.com/training-and-professional-services/rocket-u2
      • Contacts
          - u2askus@rocketsoftware.com
          - u2support@rocketsoftware.com
      ©2015 Rocket Software, Inc. All Rights Reserved.
  • 62. 62 Disclaimer THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS PRESENTATION, IT IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN ADDITION, THIS INFORMATION IS BASED ON ROCKET SOFTWARE’S CURRENT PRODUCT PLANS AND STRATEGY, WHICH ARE SUBJECT TO CHANGE BY ROCKET SOFTWARE WITHOUT NOTICE. ROCKET SOFTWARE SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, THIS PRESENTATION OR ANY OTHER DOCUMENTATION. NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO, OR SHALL HAVE THE EFFECT OF: • CREATING ANY WARRANTY OR REPRESENTATION FROM ROCKET SOFTWARE (OR ITS AFFILIATES OR ITS OR THEIR SUPPLIERS AND/OR LICENSORS); OR • ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT GOVERNING THE USE OF ROCKET SOFTWARE. ©2015 Rocket Software, Inc. All Rights Reserved.
  • 63. 63 Trademarks and Acknowledgements The trademarks and service marks identified in the following list are the exclusive properties of Rocket Software, Inc. and its subsidiaries (collectively, “Rocket Software”). These marks are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. Not all trademarks owned by Rocket Software are listed. The absence of a mark from this page neither constitutes a waiver of any intellectual property rights that Rocket Software has established in its marks nor means that Rocket Software is not owner of any such marks. Aldon, CorVu, Dynamic Connect, D3, FlashConnect, Pick, mvBase, MvEnterprise, NetCure, Rocket, SystemBuilder, U2, U2 Web Development Environment, UniData, UniVerse, and wIntegrate Other company, product, and service names mentioned herein may be trademarks or service marks of others. ©2015 Rocket Software, Inc. All Rights Reserved.
  • 64. 64
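
The protocol lists on slides 33 (udtconfig / uvconfig) and 34 (/etc/inetd.conf) can be checked against the recommendations on slide 10 with a short audit script. This is an added example, not Rocket Software code: the function names are hypothetical, and it assumes parameter lines of the form `NAME value` or `NAME=value` with `#` comments.

```python
"""Audit U2 SSL protocol settings against the deck's "What is SSL?" slide."""
import re

# Policy from slide 10: SSLv2, SSLv3 and TLS V1.0 are no longer recommended;
# TLS V1.1 and V1.2 are recommended.
NOT_RECOMMENDED = {"sslv2", "sslv3", "tlsv1"}
RECOMMENDED = {"tlsv1.1", "tlsv1.2"}

# Sample input taken from the udtconfig / uvconfig slide.
SAMPLE_CONFIG = """\
# Communication and security section
#
SSL_PROTOCOLS TLSv1,TLSv1.1,TLSv1.2
SSL_OPTIONS NO_TLS_FALLBACK_SCSV
"""

# Sample input taken from the /etc/inetd.conf slide (the typographic dash
# before "d" on the slide is written here as an ASCII hyphen).
SAMPLE_INETD = """\
uvssltelnet stream tcp nowait root /disk1/uv1125/bin/uvtelnetd uvtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
udssltelnet stream tcp nowait root /disk1/ud81/bin/udtelnetd udtelnetd -d 3 -P sslv3+tlsv1+tlsv1.1+tlsv1.2
"""


def _finding(source, lineno, name, protocols):
    """Sort protocol names into weak / ok / unknown and decide compliance."""
    weak, ok, unknown = [], [], []
    for proto in protocols:
        key = proto.strip().lower()
        key = "tlsv1" if key == "tlsv1.0" else key
        if key in NOT_RECOMMENDED:
            weak.append(key)
        elif key in RECOMMENDED:
            ok.append(key)
        elif key:
            unknown.append(key)
    return {"source": source, "line": lineno, "name": name,
            "weak": weak, "ok": ok, "unknown": unknown,
            "compliant": bool(ok) and not weak and not unknown}


def audit_u2config(text):
    """Check every SSL_PROTOCOLS line in udtconfig/uvconfig text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        match = re.match(r"SSL_PROTOCOLS[\s=]+(\S+)$", line)
        if match:
            findings.append(_finding("u2config", lineno, "SSL_PROTOCOLS",
                                     match.group(1).split(",")))
    return findings


def audit_inetd(text):
    """Check the -P protocol list of each uvtelnetd/udtelnetd inetd entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # inetd.conf fields: service, socket, protocol, wait, user, program, args
        if len(fields) < 7 or not re.search(r"u[vd]telnetd$", fields[5]):
            continue
        args = fields[6:]
        protocols = []
        if "-P" in args[:-1]:
            protocols = args[args.index("-P") + 1].split("+")
        # With no -P list the entry is reported as non-compliant, because the
        # protocols in effect cannot be read from the file.
        findings.append(_finding("inetd", lineno, fields[0], protocols))
    return findings


def report(findings):
    """Render findings as one human-readable line each."""
    lines = []
    for f in findings:
        if f["compliant"]:
            detail = "OK: " + ", ".join(f["ok"])
        elif f["weak"] or f["unknown"]:
            detail = "REVIEW: " + ", ".join(f["weak"] + f["unknown"])
        else:
            detail = "REVIEW: no explicit protocol list"
        lines.append(f"{f['source']}:{f['line']} {f['name']} {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(audit_u2config(SAMPLE_CONFIG) + audit_inetd(SAMPLE_INETD))))
```

Both slide samples are flagged: the config line still lists TLSv1, and both telnet entries enable sslv3 and tlsv1.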