The State of TLS in httpd 2.4. William A. Rowe Jr.

Similar documents
Securing Communications with your Apache HTTP Server. Lars Eilebrecht

TLS 1.1 Security fixes and TLS extensions RFC4346

SSL Report: bourdiol.xyz ( )

SSL Report: ( )

TLS1.2 IS DEAD BE READY FOR TLS1.3

SSL Report: printware.co.uk ( )

SECRETS OF THE ENCRYPTED INTERNET: WORLDWIDE CRYPTOGRAPHIC TRENDS

SSL Report: cartridgeworld.co.uk ( )

SSL Visibility and Troubleshooting

Your Apps and Evolving Network Security Standards

SSL Report: sharplesgroup.com ( )

Transport Level Security

SSL/TLS Server Test of

BIG-IP System: SSL Administration. Version

SSL/TLS Security Assessment of e-vo.ru

Coming of Age: A Longitudinal Study of TLS Deployment

State of TLS usage current and future. Dave Thompson

ATS Test Documentation

BIG-IP System: SSL Administration. Version

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

TLS/sRTP Voice Recording AddPac Technology

Secure Socket Layer Health Assessment

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

Install the ExtraHop session key forwarder on a Windows server

SSL Accelerated Services. Feature Description

SSL/TLS Deployment Best Practices

Findings for

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

What s new in TLS 1.3 (and OpenSSL as a result) Rich Salz

13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S

Digital Certificates Demystified

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Let s Encrypt Apache Tomcat * * Full disclosure: Tomcat will not actually be encrypted.

One Year of SSL Internet Measurement ACSAC 2012

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

SSL/TLS Server Test of grupoconsultorefe.com

Scan Report Executive Summary

SSL Server Rating Guide

How to Configure SSL Interception in the Firewall

Displaying SSL Configuration Information and Statistics

Scan Report Executive Summary

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

ArrayOS APV Release Note

HTTPS is Fast and Hassle-free with Cloudflare

Transport Layer Security

TLS 1.2 Protocol Execution Transcript

Rocket U2 Clients and APIs

MTAT Applied Cryptography

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Comodo Certificate Manager Software Version 5.6

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

Scan Report Executive Summary

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Verify certificate chain with OpenSSL

How to set the preferred cipher suite on Apache 2.2.x and Apache 2.4.x Reverse Proxy

NetScaler 2048-bit SSL Performance

SSL GOOD PRACTICE GUIDE

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Install the ExtraHop session key forwarder on a Windows server

Install the ExtraHop session key forwarder on a Windows server

Comodo Certificate Manager Software Version 5.0

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Install the ExtraHop session key forwarder on a Windows server

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Scan Report Executive Summary

Exinda How To Guide: SSL Acceleration. Exinda ExOS Version Exinda Networks, Inc.

The Evolving Architecture of the Web. Nick Sullivan

Overview. SSL Cryptography Overview CHAPTER 1

Requirements from the. Functional Package for Transport Layer Security (TLS)

Microsoft Exchange Server 2013 and 2016 Deployment

Web as a Distributed System

CIS 5373 Systems Security

How to Implement Cryptography for the OWASP Top 10 (Reloaded)

U.S. E-Authentication Interoperability Lab Engineer

Evaluation Criteria for Web Application Firewalls

Sentry Power Manager (SPM) Software Security

Genesys Security Pack on UNIX. Release Notes 8.5.x

WHITE PAPER. Authentication and Encryption Design

feature HTTPS Posture Assessment Ideal Configuration

Bacula. Ana Emília Machado de Arruda. Protegendo seu Backup com o Bacula. Palestrante: Bacula Backup-Pt-Br/bacula-users/bacula-devel/bacula-users-es

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

SSL/TLS. Pehr Söderman Natsak08/DD2495

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Manage Certificates. Certificates Overview

High-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018

Ecosystem at Large

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

IBM i Version 7.2. Security Secure Sockets Layer IBM

HP Load Balancing Module

Lab 7: Tunnelling and Web Security

StorageGRID Webscale 10.0

ArrayOS AG Release Note

1.264 Lecture 28. Cryptography: Asymmetric keys

SSL/ TLS Cipher Suite Analysis and strong Cipher Enablement

A Technology Brief on SSL/TLS Traffic

Datapath. Encryption

Authentication CHAPTER 17

E-commerce security: SSL/TLS, SET and others. 4.1

Transcription:

The State of TLS in httpd 2.4 William A. Rowe Jr. wrowe@apache.org

Getting Started Web references have grown stale Web references have grown stale Guidance is changing annually https://www.ssllabs.com/ssltest/analyze.ht ml?d=svn.apache.org Guidance is changing annually Plain http:// is nearing extinction https://www.eff.org/encrypt-the-web-report Plain http:// is nearing extinction

Follow Up-to-date Resources Several authors are doing a good job of explaining TLS issues in clear language. Several authors are doing a good job of Ivan Ristić's blog http://blog.ivanristic.com Ivan Ristić's blog Adam Langley's blog https://www.imperialviolet.org/ Adam Langley's blog

Update to Modern Tools OpenSSL 1.0.1 provides the necessary TLSv1.2 facilities OpenSSL 1.0.1 provides the necessary 1.0.2 is now the recommended version 1.0.2 is now the recommended version Apache HTTP Server 2.4 connects the dots for OpenSSL 1.0.1 features Apache HTTP Server 2.4 connects the 2.4.16 revised the suggested mod_ssl configuration files 2.4.16 revised the suggested mod_ssl

More Reasons 2.4.17 introduces ALPN support for http/2 2.4.17 introduces ALPN support for http/2 Forward Secrecy, stronger hashes and ECC cryptography all require these updates http://httpd.apache.org/docs/2.4/new_feat ures_2_4.html#module Forward Secrecy, stronger hashes and

Choose 2? (Or only one?) Confidentiality, performance or compatibility? Confidentiality, performance or Evaluate the scope of confidentially: Evaluate the scope of confidentially: Value? RoI vs Bitcoin mining Trading off for performance Trading off for compatibility

Protocols SSLv2 is long dead, SSLv3, and TLSv1.0 are also nearing death, by late 2016 SSLv2 is long dead, SSLv3, and TLSv1.0 TLSv1.2 addresses a spectrum of weaknesses (OpenSSL 1.0.1p is needed to avoid new issues) TLSv1.2 addresses a spectrum of OpenSSL 1.0.2 adds new API facilities, especially wildcard SNI handshakes OpenSSL 1.0.2 adds new API facilities,

Ciphers The Big List (Poor choices are present) openssl ciphers -v The Big List (Poor choices are present) A simplified list (Efficient and Secure) openssl ciphers -v \ 'HIGH:MEDIUM:!aNULL:!MD5' A simplified list (Efficient and Secure)

Dictating Priority Teach your server to enforce -your- policy Teach your server to enforce -your- policy http://httpd.apache.org/docs/2.4/mod/mod _ssl.html#sslhonorcipherorder

Disable SSLv3? The Protocol? The Cipher List? The Protocol? The Cipher List? TLSv1.0 -is- SSLv3 in nearly every respect TLSv1.0 -is- SSLv3 in nearly every TLS_FALLBACK_SCSV is the bandaid TLS_FALLBACK_SCSV is the bandaid TLSv1.2 -only- is coming soon TLSv1.2 -only- is coming soon

Certs and Keys Hashes in MD5 / SHA1? Hashes in MD5 / SHA1? A better RSA SHA256 hashes A better RSA SHA256 hashes ECDHE-RSA 'just works' with historical RSA certs ECDHE-RSA 'just works' with historical ECDSA certificates offer an more efficient alternative ECDSA certificates offer an more efficient

(Perfect?) Forward Secrecy The Goal discontinuity between sessions SSLSessionCacheTimeout [300] The Goal discontinuity between ECDSA keys offer efficiency ECDSA keys offer efficiency ECDH/RSA remains a compromise ECDH/RSA remains a compromise

OCSP (and Stapling) Confirming continued validity evolved from revocation lists Confirming continued validity evolved OCSP Failure cases overloaded providers and unroutable traffic OCSP Failure cases overloaded Stapling can improve these issues Stapling can improve these issues Server is subject to the same issues Server is subject to the same issues

Graceful Failure SSLStaplingCache shmcb:ocsp(1048576) SSLStaplingStandardCacheTimeout 86400 SSLStaplingErrorCacheTimeout 300 SSLStaplingReturnResponderErrors Off SSLStaplingFakeTryLater off

Sessions Cache and considerations Cache and considerations Tickets and considerations Tickets and considerations Spanning the load balancer Spanning the load balancer A common SSLSessionCache A common SSLSessionTicketKeyFile

Renegotiation Server initiated Server initiated Client initiated, pre-tlsv1.1 Client initiated, pre-tlsv1.1 Client initiated with TLSv1.1 Client initiated with TLSv1.1 Inherent conflict with multiple streams (HTTP/2) Inherent conflict with multiple streams

Under Control The enterprise case; known user agents The enterprise case; known user agents The operations case; peering application servers The operations case; peering application The forward proxy case; all bets are off? The forward proxy case; all bets are off?

The Design Conundrums TLS compression Do Not Use TLS compression Do Not Use Encoding: gzip deflate risks Encoding: gzip deflate risks Client-supplied Input Reflection Buried into Cookies, HTTP headers, or form contents Client-supplied Input Reflection

Broken Clients The perils of parallel consumers The perils of parallel consumers Sharing SSL Sessions between adversarial parties Sharing SSL Sessions between BREACH is a browser/application hosting defect BREACH is a browser/application hosting

Virtual Hosting SNI (Server Name Indication) in httpd 2.4 allows modern clients to share a single IP address for multiple certificates SNI (Server Name Indication) in httpd 2.4 Presented based on the TLS SNI hostname indicated by the client. Presented based on the TLS SNI Old clients still need a wildcard certificate, or a list of AltSubjectNames Old clients still need a wildcard certificate,

CA Management Some tools for maintaining CA lists can be found in the openssl tools/ source directory (these are generally not installed by-default in vendor distributions). Some tools for maintaining CA lists can be

External Efforts EFF-led HTTPS Everywhere campaign EFF-led HTTPS Everywhere campaign Qualys SSL Labs Test https://www.ssllabs.com/ssltest/index.html Qualys SSL Labs Test Let's Encrypt multiparty CA effort Let's Encrypt multiparty CA effort https://letsencrypt.org/

Success stories https://github.com/blog/1727-introducing- forward-secrecy-and-authenticated- encryption-ciphers https://blog.twitter.com/2013/forward- secrecy-at-twitter

A Never-ending Process http://www.openssl.org/news/vulnerabilities.html http://httpd.apache.org/security/vulnerabilities_24.html http://httpd.apache.org/docs/2.4/ http://httpd.apache.org/docs/trunk/ (what is coming soon)

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback