MM
Uploaded byMaarten Mulders
397 views

SSL/TLS for Mortals (Devoxx)

The document discusses issues related to SSL/TLS protocols and certificate validation errors, specifically highlighting a javax.net.ssl.SSLHandshakeException occurring due to a failure to build a valid certification path. It covers key concepts in public/private key encryption, signing certificates, and the roles of certificate authorities. Additionally, it emphasizes security best practices, including recommendations to avoid SSL and trust only valid certificates.

Embed presentation

Download to read offline
T L S Awesome Sauce, or... Maarten Mulders (@mthmulders)#tlsformortals
H Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertif cate(ClientHandshaker.java:1506) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net. .protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net. .protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net. .protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net. .protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net. .protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at it.mulders.maarten.Demo.main(Demo.java:13) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertif cate(ClientHandshaker.java:1488) 13 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to f nd valid certif cation path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) Maarten Mulders (@mthmulders)#tlsformortals
7 L OSI M data unit layers Data Data Data Segments Packets Application  Network Process to Application Presentation  Data Representation  and Encryption Session  Interhost Communication Transport  End­to­End Connections  and Reliability Network  Path Determination and  Host Layers Maarten Mulders (@mthmulders)#tlsformortals
H SSL TLS SSL 1.0 never released SSL 2.0 1995 - 2011 (POODLE) SSL 3.0 1996 - 2014 (POODLE) TLS 1.0 1999 - 2011 (BEAST) TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 2018 Maarten Mulders (@mthmulders)#tlsformortals
D What's the issue?! Maarten Mulders (@mthmulders)#tlsformortals
H 1. public/private key encryption 2. signed certificates 3. certificate authorities Maarten Mulders (@mthmulders)#tlsformortals
1 P P K E Maarten Mulders (@mthmulders)#tlsformortals
M 1. Select two prime numbers: 2. Calculate product: 3. Select random number < product: 4. Find d, so that a. b. c. d. p = 11, q = 17 p ∗ q = 187 e = 3 (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0 (d ∗ 3) − 1 mod (10 ∗ 16) = 0 320 mod 160 = 0 (321 − 1) mod 160 = 0 (107 ∗ 3) = 321 ⇒ d = 107 Maarten Mulders (@mthmulders)#tlsformortals
N , P Q 1. 2. Find d, so that Pretty hard without knowing and ! As soon as we know , calculating is trivial (again). p ∗ q = 299, e = 5 (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0 p q p = 13, q = 23 d = 317 Maarten Mulders (@mthmulders)#tlsformortals
For big enough and , finding those factors will cost an eternity! So we can distribute and even ! p q p ∗ q e Maarten Mulders (@mthmulders)#tlsformortals
L "G" p ∗ q = 187, e = 3, G ⇒ 7 = = 3437 e 7 3 343 mod 187 = 156 Maarten Mulders (@mthmulders)#tlsformortals
L "156" Since we know and , we can calculatep q d = 107 = ≈ 4.6 ∗156 d 156 107 10 234 mod 187 = 7156 107 7 ⇒ G Maarten Mulders (@mthmulders)#tlsformortals
N Client Server 1 ClientHello → 2 ← ServerHello 3 ← Certificate 4 ← ServerKeyExchange 5 ← ServerHelloDone 6 ClientKeyExchange → 7 ChangeCipherSpec → 8 Finished → 9 ← ChangeCipherSpec 10 ← Finished Maarten Mulders (@mthmulders)#tlsformortals
D No-one is eavesdropping! Maarten Mulders (@mthmulders)#tlsformortals
2 S C Maarten Mulders (@mthmulders)#tlsformortals
A certificate contains: Serial Number Subject Validity Usage Public Key Fingerprint Algorithm Fingerprint Maarten Mulders (@mthmulders)#tlsformortals
But wait... anyone could create a certificate! So we also need Signature Algorithm Signature Issuer ... and a way to sign certificates. Maarten Mulders (@mthmulders)#tlsformortals
A signature is a mathematical relationship between a message , a private key and a public key . It consists of two functions: 1. signing function 2. verifying function So, given and and knowing , we can tell if is indeed signed by . x sk pk t = f (sk, x) [accept, reject] = g(pk, t, x) x t pk x sk Maarten Mulders (@mthmulders)#tlsformortals
3 C A Maarten Mulders (@mthmulders)#tlsformortals
An entity that issues digital certificates, certifying the ownership of a public key by the subject of the certificate. Maarten Mulders (@mthmulders)#tlsformortals
I John ? Alice So, who is John, anyway? Many John's in todays browsers and operating systems! “I can trust you, because I trust John, and John trusts Alice, and Alice trusts you. Maarten Mulders (@mthmulders)#tlsformortals
Top-notch security procedures, including "key ceremonies" Maarten Mulders (@mthmulders)#tlsformortals
/** intentionally left blank */ Maarten Mulders (@mthmulders)#tlsformortals
W Google blacklists 247 certificates in Chromium Microsoft removes the DigiNotar root certificate from all supported Windows-releases * Mozilla revokes trust in the DigiNotar root certificate in all supported versions Apple issued Security Update 2011-005 Update Certificate Revocation Lists (although these are self-Maarten Mulders (@mthmulders)#tlsformortals
D Trust (for what it's worth) Maarten Mulders (@mthmulders)#tlsformortals
T , T T Maarten Mulders (@mthmulders)#tlsformortals
Simple HTTP client with TLS support: curl ­v ­k <address> Troubleshoot trust issues and see certificates being used: openssl s_client ­showcerts ­servername <address> ­ connect <address>:443 Troubleshoot supported protocols, ciphers, ...: nmap ­­script ssl­enum­ciphers ­p 443 <address> Maarten Mulders (@mthmulders)#tlsformortals
JVM S ­Djavax.net.ssl.trustStore=<file> Denotes where a truststore can be found: a file that contains trusted certs. ­Djavax.net.ssl.trustStorePassword=changeit is the password to that file. Maarten Mulders (@mthmulders)#tlsformortals
JVM S ­Djavax.net.ssl.keyStore=<file> Denotes where a keystore can be found: a file that contains public and/or private keys. ­Djavax.net.ssl.keyStorePassword=changeit is the password to that file. Maarten Mulders (@mthmulders)#tlsformortals
JVM S ­Djavax.net.debug=ssl[:flag] Include debug logging for TLS handshake and connections. Additional flags: record session sessioncache pluggability plaintext handshake defaultctx keymanager data packet keygen sslctx trustmanager verbose Maarten Mulders (@mthmulders)#tlsformortals
P Maarten Mulders (@mthmulders)#tlsformortals
P - 1. Don't use SSL! Use TLS v1.2 or v1.3. 2. Be careful whom you trust! 3. When in doubt, open your toolbox: openssl, curl, nmap and Portecle Maarten Mulders (@mthmulders)#tlsformortals
Q P D I Router by unknown author Maarten Mulders (@mthmulders)#tlsformortals

More Related Content

PDF
SSL/TLS for Mortals (UtrechtJUG)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (Lockdown Lecture)
byMaarten Mulders
 
PDF
The Ring programming language version 1.7 book - Part 64 of 196
byMahmoud Samir Fayed
 
PDF
Guess the distribution
byRasmus Bååth
 
PPT
Ch10
bykinnarshah8888
 
PDF
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (Devoxx UK)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (JavaLand)
byMaarten Mulders
 
SSL/TLS for Mortals (UtrechtJUG)
byMaarten Mulders
 
SSL/TLS for Mortals (Lockdown Lecture)
byMaarten Mulders
 
The Ring programming language version 1.7 book - Part 64 of 196
byMahmoud Samir Fayed
 
Guess the distribution
byRasmus Bååth
 
Ch10
bykinnarshah8888
 
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
byMaarten Mulders
 
SSL/TLS for Mortals (Devoxx UK)
byMaarten Mulders
 
SSL/TLS for Mortals (JavaLand)
byMaarten Mulders
 

Similar to SSL/TLS for Mortals (Devoxx)

PDF
SSL/TLS for Mortals (JAX DE 2018)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (JavaZone)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (GOTO Berlin)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (JavaOne 2017)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (J-Fall)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (DevNexus)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (Devoxx FR 2018)
byMaarten Mulders
 
PDF
SSL/TLS for Mortals (Voxxed Days Luxembourg)
byMaarten Mulders
 
PDF
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
byJPCERT Coordination Center
 
PDF
Securing Data in Transit -
bywolfSSL
 
PDF
TLS/SSL Internet Security Talk
byNisheed KM
 
PDF
SSL: Past, Present and Future
byTiago Mendo
 
PDF
SSL: Past, Present and Future
byLuis Grangeia
 
PPTX
Certificate pinning in android applications
byArash Ramez
 
PDF
"The Sorry State of SSL" Hynek Schlawack, PyConRu 2014
byit-people
 
PDF
wolfSSL and TLS 1.3
bywolfSSL
 
PDF
How ssl works
bySaptarshi Basu
 
PPT
Ch12 Cryptographic Protocols and Public Key Infrastructure
byInformation Technology
 
PDF
SSL and TLS Theory and Practice 3rd Edition Rolf Oppliger
byaribonkathy
 
PDF
#MoreCrypto : Introduction to TLS
byOlle E Johansson
 
SSL/TLS for Mortals (JAX DE 2018)
byMaarten Mulders
 
SSL/TLS for Mortals (JavaZone)
byMaarten Mulders
 
SSL/TLS for Mortals (GOTO Berlin)
byMaarten Mulders
 
SSL/TLS for Mortals (JavaOne 2017)
byMaarten Mulders
 
SSL/TLS for Mortals (J-Fall)
byMaarten Mulders
 
SSL/TLS for Mortals (DevNexus)
byMaarten Mulders
 
SSL/TLS for Mortals (Devoxx FR 2018)
byMaarten Mulders
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
byMaarten Mulders
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
byJPCERT Coordination Center
 
Securing Data in Transit -
bywolfSSL
 
TLS/SSL Internet Security Talk
byNisheed KM
 
SSL: Past, Present and Future
byTiago Mendo
 
SSL: Past, Present and Future
byLuis Grangeia
 
Certificate pinning in android applications
byArash Ramez
 
"The Sorry State of SSL" Hynek Schlawack, PyConRu 2014
byit-people
 
wolfSSL and TLS 1.3
bywolfSSL
 
How ssl works
bySaptarshi Basu
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
byInformation Technology
 
SSL and TLS Theory and Practice 3rd Edition Rolf Oppliger
byaribonkathy
 
#MoreCrypto : Introduction to TLS
byOlle E Johansson
 

More from Maarten Mulders

PDF
What's cooking in Maven? (Devoxx FR)
byMaarten Mulders
 
PDF
Making Maven Marvellous (Devnexus)
byMaarten Mulders
 
PDF
Making Maven Marvellous (Java.il)
byMaarten Mulders
 
PDF
Making Maven Marvellous (JavaZone)
byMaarten Mulders
 
PDF
Dapr: Dinosaur or Developer's Dream? (v1)
byMaarten Mulders
 
PDF
Dapr: Dinosaur or Developer Dream? (J-Fall)
byMaarten Mulders
 
PDF
React in 40 minutes (Voxxed Days Romania)
byMaarten Mulders
 
PDF
React in 40 minutes (JCON)
byMaarten Mulders
 
PDF
React in 50 minutes (Bucharest Software Craftsmanship Community)
byMaarten Mulders
 
PDF
React in 50 Minutes (JNation)
byMaarten Mulders
 
PDF
Making Maven Marvellous (J-Fall)
byMaarten Mulders
 
PDF
Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)
byMaarten Mulders
 
PDF
Building a DSL with GraalVM (javaBin online)
byMaarten Mulders
 
PDF
React in 50 Minutes (OpenValue)
byMaarten Mulders
 
PDF
React in 50 Minutes (DevNexus)
byMaarten Mulders
 
PDF
React in 45 Minutes (Jfokus)
byMaarten Mulders
 
PDF
Building web applications with React (Jfokus)
byMaarten Mulders
 
PDF
Building a DSL with GraalVM (CodeOne)
byMaarten Mulders
 
PDF
Building a DSL with GraalVM (Full Stack Antwerpen)
byMaarten Mulders
 
PDF
Building a DSL with GraalVM (Devoxx PL)
byMaarten Mulders
 
What's cooking in Maven? (Devoxx FR)
byMaarten Mulders
 
Making Maven Marvellous (Devnexus)
byMaarten Mulders
 
Making Maven Marvellous (Java.il)
byMaarten Mulders
 
Making Maven Marvellous (JavaZone)
byMaarten Mulders
 
Dapr: Dinosaur or Developer's Dream? (v1)
byMaarten Mulders
 
Dapr: Dinosaur or Developer Dream? (J-Fall)
byMaarten Mulders
 
React in 40 minutes (Voxxed Days Romania)
byMaarten Mulders
 
React in 40 minutes (JCON)
byMaarten Mulders
 
React in 50 minutes (Bucharest Software Craftsmanship Community)
byMaarten Mulders
 
React in 50 Minutes (JNation)
byMaarten Mulders
 
Making Maven Marvellous (J-Fall)
byMaarten Mulders
 
Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)
byMaarten Mulders
 
Building a DSL with GraalVM (javaBin online)
byMaarten Mulders
 
React in 50 Minutes (OpenValue)
byMaarten Mulders
 
React in 50 Minutes (DevNexus)
byMaarten Mulders
 
React in 45 Minutes (Jfokus)
byMaarten Mulders
 
Building web applications with React (Jfokus)
byMaarten Mulders
 
Building a DSL with GraalVM (CodeOne)
byMaarten Mulders
 
Building a DSL with GraalVM (Full Stack Antwerpen)
byMaarten Mulders
 
Building a DSL with GraalVM (Devoxx PL)
byMaarten Mulders
 

Recently uploaded

PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
API-First Architecture in Financial Systems
bycyy111112
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
How to Evaluate a High Performance Database
byScyllaDB
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 

SSL/TLS for Mortals (Devoxx)

  • 2.
    T L S AwesomeSauce, or... Maarten Mulders (@mthmulders)#tlsformortals
  • 3.
    H Exception in thread"main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertif cate(ClientHandshaker.java:1506) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net. .protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net. .protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net. .protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net. .protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net. .protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at it.mulders.maarten.Demo.main(Demo.java:13) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertif cate(ClientHandshaker.java:1488) 13 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to f nd valid certif cation path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) Maarten Mulders (@mthmulders)#tlsformortals
  • 5.
    7 L OSIM data unit layers Data Data Data Segments Packets Application  Network Process to Application Presentation  Data Representation  and Encryption Session  Interhost Communication Transport  End­to­End Connections  and Reliability Network  Path Determination and  Host Layers Maarten Mulders (@mthmulders)#tlsformortals
  • 6.
    H SSL TLS SSL1.0 never released SSL 2.0 1995 - 2011 (POODLE) SSL 3.0 1996 - 2014 (POODLE) TLS 1.0 1999 - 2011 (BEAST) TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 2018 Maarten Mulders (@mthmulders)#tlsformortals
  • 7.
    D What's the issue?! MaartenMulders (@mthmulders)#tlsformortals
  • 8.
    H 1. public/private keyencryption 2. signed certificates 3. certificate authorities Maarten Mulders (@mthmulders)#tlsformortals
  • 9.
    1 P P KE Maarten Mulders (@mthmulders)#tlsformortals
  • 12.
    M 1. Select twoprime numbers: 2. Calculate product: 3. Select random number < product: 4. Find d, so that a. b. c. d. p = 11, q = 17 p ∗ q = 187 e = 3 (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0 (d ∗ 3) − 1 mod (10 ∗ 16) = 0 320 mod 160 = 0 (321 − 1) mod 160 = 0 (107 ∗ 3) = 321 ⇒ d = 107 Maarten Mulders (@mthmulders)#tlsformortals
  • 13.
    N , PQ 1. 2. Find d, so that Pretty hard without knowing and ! As soon as we know , calculating is trivial (again). p ∗ q = 299, e = 5 (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0 p q p = 13, q = 23 d = 317 Maarten Mulders (@mthmulders)#tlsformortals
  • 14.
    For big enoughand , finding those factors will cost an eternity! So we can distribute and even ! p q p ∗ q e Maarten Mulders (@mthmulders)#tlsformortals
  • 15.
    L "G" p ∗q = 187, e = 3, G ⇒ 7 = = 3437 e 7 3 343 mod 187 = 156 Maarten Mulders (@mthmulders)#tlsformortals
  • 16.
    L "156" Since weknow and , we can calculatep q d = 107 = ≈ 4.6 ∗156 d 156 107 10 234 mod 187 = 7156 107 7 ⇒ G Maarten Mulders (@mthmulders)#tlsformortals
  • 18.
    N Client Server 1 ClientHello→ 2 ← ServerHello 3 ← Certificate 4 ← ServerKeyExchange 5 ← ServerHelloDone 6 ClientKeyExchange → 7 ChangeCipherSpec → 8 Finished → 9 ← ChangeCipherSpec 10 ← Finished Maarten Mulders (@mthmulders)#tlsformortals
  • 19.
    D No-one is eavesdropping! MaartenMulders (@mthmulders)#tlsformortals
  • 20.
    2 S C Maarten Mulders(@mthmulders)#tlsformortals
  • 21.
    A certificate contains: SerialNumber Subject Validity Usage Public Key Fingerprint Algorithm Fingerprint Maarten Mulders (@mthmulders)#tlsformortals
  • 22.
    But wait... anyonecould create a certificate! So we also need Signature Algorithm Signature Issuer ... and a way to sign certificates. Maarten Mulders (@mthmulders)#tlsformortals
  • 24.
    A signature isa mathematical relationship between a message , a private key and a public key . It consists of two functions: 1. signing function 2. verifying function So, given and and knowing , we can tell if is indeed signed by . x sk pk t = f (sk, x) [accept, reject] = g(pk, t, x) x t pk x sk Maarten Mulders (@mthmulders)#tlsformortals
  • 25.
    3 C A Maarten Mulders(@mthmulders)#tlsformortals
  • 26.
    An entity thatissues digital certificates, certifying the ownership of a public key by the subject of the certificate. Maarten Mulders (@mthmulders)#tlsformortals
  • 27.
    I John ? Alice So, who isJohn, anyway? Many John's in todays browsers and operating systems! “I can trust you, because I trust John, and John trusts Alice, and Alice trusts you. Maarten Mulders (@mthmulders)#tlsformortals
  • 28.
    Top-notch security procedures,including "key ceremonies" Maarten Mulders (@mthmulders)#tlsformortals
  • 31.
  • 32.
    W Google blacklists 247certificates in Chromium Microsoft removes the DigiNotar root certificate from all supported Windows-releases * Mozilla revokes trust in the DigiNotar root certificate in all supported versions Apple issued Security Update 2011-005 Update Certificate Revocation Lists (although these are self-Maarten Mulders (@mthmulders)#tlsformortals
  • 33.
    D Trust (for whatit's worth) Maarten Mulders (@mthmulders)#tlsformortals
  • 34.
    T , TT Maarten Mulders (@mthmulders)#tlsformortals
  • 35.
    Simple HTTP clientwith TLS support: curl ­v ­k <address> Troubleshoot trust issues and see certificates being used: openssl s_client ­showcerts ­servername <address> ­ connect <address>:443 Troubleshoot supported protocols, ciphers, ...: nmap ­­script ssl­enum­ciphers ­p 443 <address> Maarten Mulders (@mthmulders)#tlsformortals
  • 36.
    JVM S ­Djavax.net.ssl.trustStore=<file> Denotes wherea truststore can be found: a file that contains trusted certs. ­Djavax.net.ssl.trustStorePassword=changeit is the password to that file. Maarten Mulders (@mthmulders)#tlsformortals
  • 37.
    JVM S ­Djavax.net.ssl.keyStore=<file> Denotes wherea keystore can be found: a file that contains public and/or private keys. ­Djavax.net.ssl.keyStorePassword=changeit is the password to that file. Maarten Mulders (@mthmulders)#tlsformortals
  • 38.
    JVM S ­Djavax.net.debug=ssl[:flag] Include debuglogging for TLS handshake and connections. Additional flags: record session sessioncache pluggability plaintext handshake defaultctx keymanager data packet keygen sslctx trustmanager verbose Maarten Mulders (@mthmulders)#tlsformortals
  • 39.
  • 40.
    P - 1. Don'tuse SSL! Use TLS v1.2 or v1.3. 2. Be careful whom you trust! 3. When in doubt, open your toolbox: openssl, curl, nmap and Portecle Maarten Mulders (@mthmulders)#tlsformortals
  • 41.
    Q P D I Router byunknown author Maarten Mulders (@mthmulders)#tlsformortals