Compatibility, Security & Performance: Finding a Balance With SSL / TLS That Doesn't Exist

DESCRIPTION
General overview of TLS and SSL on today's internet, with tips on how you can protect your website with strong, unbroken cipher configurations.

TRANSCRIPT
COMPATIBILITY, SECURITY & PERFORMANCE: FINDING A BALANCE WITH SSL / TLS THAT DOESN'T EXIST
sam gammon, sam @ keen dot io
I AM A SECURITY ENGINEER.
I AM A GUY WHO HAS SPENT WAY TOO MUCH TIME WORRYING ABOUT GIBBERISH
(THERE ARE NO WORDS THERE)
I DON'T KNOW MUCH ABOUT THE MATHS BEHIND ENCRYPTION.
I DO KNOW HOW YOU CAN PROTECT YOUR APPS IN THE REAL WORLD.
agenda:
1) alice & bob: a short note on asymmetric algorithms
2) intro to SSL/TLS on today’s internet
3) tour of the secure web, from the perspective of a lowly cipher line
4) next-gen ciphers and features
5) useful tools
6) Q&A and story time !!!
Alice & Bob: Asymmetric vs. Symmetric Encryption

intro to TLS
here is the OSI model!

my protocols, let me show you them:
ARP / L2TP
Bluetooth / Ethernet
IP / ICMP
TCP / UDP
SOCKS / SPDY
MIME
HTTP / DNS
a regular HTTP request uses these:

    IP      "address"                              OS (linux)
    TCP     "connection": SYN, SYN-ACK, ACK         haproxy / OS (linux)
    HTTP    "request" / "response"                 nginx / haproxy
    (underneath it all: Gigabit Ethernet, carrying packets!)

    GET /home HTTP/1.1
    Host: keen.io
    Connection: keep-alive
    Cache-Control: no-cache
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-US,en;q=0.8

OSI model, with TLS slotted in between TCP and HTTP:

    IP      OS (linux)
    TCP     haproxy / OS (linux)
    TLS     OpenSSL           }
    HTTP    nginx / haproxy   }  HTTPS = HTTP over TLS
TLS has its own handshake…

1) client says hello
   - passes a list of supported ciphers, in priority order
   - other capabilities like SNI
2) server says hello
   - picks one cipher from the client's list and sends that choice back (the server does not send a list; whose priority order wins depends on how the server is configured)
   - passes certificate chain
   - other capabilities like NPN/ALPN
n) they agree and connect
   - a cipher is chosen!
   - a protocol is selected!
   - keys are exchanged!

… awhile later …
elements of a cipher spec:

| key exchange | protocol | cipher | symmetric key size | brokenness |
|---|---|---|---|---|
| ECDHE | TLSv1.2 | AES-GCM | 128: fast, 256: strong | "no reason to believe it's broken… yet" |
| DHE | TLSv1 | AES-CBC (GCM suites need TLSv1.2) | 128: fast, 256: strong | "could be broken if you're not careful" |
| none (plain RSA key transport) | SSLv3 | RC4 | 128: that's all you get | "well, fuck it. it's definitely broken, at least break fast?" |
Tools

Testing: Qualys SSL Labs
1) Awesome for experimenting with settings
2) Great for detecting issues
3) Pretty reports
4) Fantastic compatibility simulator (shows which browser and client versions can still connect to a given configuration)
Diagnostics: OpenSSL
1) Tools for generating keys / certificates
2) openssl s_client for SSL client testing
3) openssl ocsp for OCSP testing
4) Benchmark your ciphers with openssl speed

Diagnostics: Wireshark
1) Extremely powerful
2) Kind of outside the scope of this talk
3) Can be configured with your private key/cert to decrypt traffic. Caveat: that only works for RSA key-transport sessions. With (EC)DHE forward secrecy the server key never decrypts anything, so you need the per-session secrets instead (a client-side key log in the NSS SSLKEYLOGFILE format, which Wireshark also reads).
4) See traffic at all levels! (ARP, IP, TCP, TLS, DNS & HTTP)
Always: yer favorite browser

CIPH3R$!!1!
```nginx
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:RC4-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA:!ECDSA:!DSA:!3DES:!aNULL:!eNULL:!SEED:!MD5:!EXP:!PSK:!SRP:!DSS:!LOW";
```

THIS IS A CIPHER LINE. IT'S BASICALLY A LIST OF YOUR FAVORITE <3 CIPHERS, AND ALSO THE ONES YOU HATE (the "!" tokens, which OpenSSL removes for good).

IT'S RANKED FROM TOP TO BOTTOM:
 1  ECDHE-RSA-AES128-GCM-SHA256
 2  ECDHE-RSA-AES256-GCM-SHA384
 3  ECDHE-RSA-AES128-SHA256
 4  ECDHE-RSA-AES256-SHA384
 5  ECDH-RSA-AES128-SHA256
 6  ECDH-RSA-AES256-SHA384
 7  DHE-RSA-AES128-GCM-SHA256
 8  DHE-RSA-AES256-GCM-SHA384
 9  ECDHE-RSA-RC4-SHA
10  ECDHE-RSA-AES128-SHA
11  ECDHE-RSA-AES256-SHA
12  ECDH-RSA-RC4-SHA
13  RC4-SHA
14  DHE-RSA-AES128-SHA
15  AES256-SHA
16  AES128-SHA
    !ECDSA !DSA !3DES !aNULL !eNULL !SEED !MD5 !EXP !PSK !SRP !DSS !LOW

(the ranking only counts if the server enforces it: in nginx that is the ssl_prefer_server_ciphers directive; otherwise the client's preference order picks the winner. OpenSSL also ignores tokens it does not recognise instead of failing, so a typo quietly drops a suite rather than breaking the config.)
THEY COME IN ALL SHAPES AND SIZES, AND EVERY HTTPS SERVER HAS ONE:

    ciphers AES:ALL:!aNULL:!eNULL

IANA-style names (TLS_*_WITH_*), as some servers spell them:

    ssl_ciphers SSL_RSA_WITH_RC4_128_MD5 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA;

Apache (mod_ssl):

    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

Node.js:

    tls.createServer({ ciphers: "AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH" }, …);

XML-configured servers:

    <cipherSpecList> <cipherSpec> <cipher>RC4</cipher> <hash>SHA256</hash> <exchange>ECDHE</exchange> …

THE SECURITY OF YOUR SITE DEPENDS LARGELY ON "THE ORDER OF THESE ARBITRARY TOKENS." :(
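Both the "elements of a cipher spec" table above and this tour of the cipher line come down to reading OpenSSL suite names and knowing what each part buys you. The following is an added example, not code from the talk or from nginx or OpenSSL: it splits the slide's cipher line into suites, classifies each by key exchange, cipher mode and MAC, flags the problems this talk discusses (no forward secrecy, RC4, CBC, MD5, anonymous auth), and asks the local OpenSSL, through Python's ssl module, which suites it really enables and in what order. The cipher line is the one from the slides; the classification rules and all function names are the example's own.

```python
"""Parse and rank an OpenSSL-style cipher line (added example, not from the talk)."""
import ssl

# Constructed input: the slide's nginx cipher line, colon-separated as OpenSSL expects.
SLIDE_CIPHER_LINE = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
    "ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:"
    "ECDH-RSA-RC4-SHA:RC4-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA:"
    "!ECDSA:!DSA:!3DES:!aNULL:!eNULL:!SEED:!MD5:!EXP:!PSK:!SRP:!DSS:!LOW"
)

KEX_TOKENS = {"ECDHE", "ECDH", "DHE", "EDH", "ADH", "AECDH"}
AUTH_TOKENS = {"RSA", "ECDSA", "DSS"}
EPHEMERAL_KEX = {"ECDHE", "DHE", "EDH"}   # the only key exchanges that give forward secrecy


def parse_suite(name):
    """Split an OpenSSL suite name into key exchange, auth, cipher, mode and MAC.

    OpenSSL drops the key-exchange/auth prefix when both are plain RSA, so
    "AES128-SHA" means RSA key transport with RSA authentication.
    """
    parts = name.split("-")
    kex, auth = "RSA", "RSA"
    if parts[0] in KEX_TOKENS:
        kex = parts.pop(0)
        if kex in ("ADH", "AECDH"):
            auth = None                         # anonymous: nobody proves who they are
        elif parts and parts[0] in AUTH_TOKENS:
            auth = parts.pop(0)
    if parts[-1] == "POLY1305":                 # ChaCha20-Poly1305 carries no separate MAC token
        return {"name": name, "kex": kex, "auth": auth, "cipher": "CHACHA20-POLY1305",
                "mode": "AEAD", "mac": "SHA256"}
    mac = parts.pop()                           # SHA, SHA256, SHA384 or MD5 (PRF hash for AEAD)
    if parts[-1] in ("GCM", "CCM", "CCM8"):
        mode, cipher = "AEAD", "-".join(parts[:-1])
    elif parts == ["RC4"]:
        mode, cipher = "stream", "RC4"
    else:
        mode, cipher = "CBC", "-".join(parts)   # AES128, AES256, DES-CBC3, SEED, ...
    return {"name": name, "kex": kex, "auth": auth, "cipher": cipher, "mode": mode, "mac": mac}


def assess(suite):
    """Return (forward_secrecy, list_of_problems) for one parsed suite."""
    fs = suite["kex"] in EPHEMERAL_KEX
    problems = []
    if suite["auth"] is None:
        problems.append("anonymous key exchange: no authentication, trivial MITM")
    if suite["cipher"] == "RC4":
        problems.append("RC4: keystream biases, prohibited in TLS by RFC 7465")
    if suite["cipher"].startswith("DES"):
        problems.append("3DES: 64-bit blocks, Sweet32")
    if suite["mode"] == "CBC":
        problems.append("CBC MAC-then-encrypt: BEAST on TLS 1.0, Lucky Thirteen, POODLE on SSLv3")
    if suite["mac"] == "MD5":
        problems.append("HMAC-MD5: deprecated hash")
    if not fs:
        problems.append("no forward secrecy: recorded traffic falls with the server key")
    return fs, problems


def explicit_suites(cipher_line):
    """Suite names written out in the line, in the order the line ranks them.

    Keyword groups (HIGH, ALL, ECDHE+AESGCM, ...) are left to OpenSSL to expand, and
    '!' exclusions are skipped: they remove suites for good rather than ranking them.
    """
    tokens = cipher_line.replace(" ", ":").replace(",", ":").split(":")
    return [t for t in tokens if t and t[0] not in "!-+@" and "-" in t and "+" not in t]


def rank_report(cipher_line):
    """[(rank, name, forward_secrecy, problems), ...] for the explicit suites."""
    report = []
    for rank, name in enumerate(explicit_suites(cipher_line), start=1):
        fs, problems = assess(parse_suite(name))
        report.append((rank, name, fs, problems))
    return report


def first_non_forward_secret(cipher_line):
    """Highest-ranked suite a client can steer the server into that lacks forward secrecy."""
    for rank, name, fs, _ in rank_report(cipher_line):
        if not fs:
            return rank, name
    return None


def locally_enabled(cipher_line):
    """What this machine's OpenSSL actually enables for the line, in its final order.

    OpenSSL ignores tokens it does not recognise instead of failing, so a typo
    silently drops a suite; diffing this against explicit_suites() catches that.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_line)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    for rank, name, fs, problems in rank_report(SLIDE_CIPHER_LINE):
        print(f"{rank:2d} {name:28s} {'FS ' if fs else '---'} {'; '.join(problems) or 'ok'}")
    print("first suite without forward secrecy:", first_non_forward_secret(SLIDE_CIPHER_LINE))
    print("enabled by the local OpenSSL:", locally_enabled(SLIDE_CIPHER_LINE))
```

Run against the slide's line, the report shows the static-ECDH suites at positions 5 and 6 as the first place a client can land without forward secrecy, ahead of the DHE-GCM suites at 7 and 8: exactly the kind of ordering mistake the rest of this section is about. The locally_enabled() list on a modern OpenSSL will be shorter than the 16 explicit names, because RC4 and static ECDH have since been removed from default builds.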
the "!" tokens: DO NOT WANT
- !MD5: MD5 is broken (collision attacks; nothing in TLS should still be keyed to it)
- !eNULL: eNULL means no encryption at all!!
- !aNULL: aNULL means anonymous key exchange, i.e. no authentication. good luck: anyone on the path can be your "server"
- !LOW / !EXP: LOW is the 56- and 64-bit suites and EXP the 40-bit export-grade ones. gross
- !3DES !SEED !PSK !SRP !DSS: legacy and special-purpose suites a public website never needs
!ECDSA !DSA: these ones are chill* but (at the time of this talk) there's usually no support for them, client or server side. note that these are authentication families, not ciphers: with an RSA certificate no ECDSA- or DSS-authenticated suite can be negotiated anyway, so excluding them changes nothing until you deploy such a cert. (OpenSSL's keyword for DSA authentication is DSS; the !DSS further down the line is what actually does the job, and !DSA is silently ignored.)

*DSA came out of the NSA (ECDSA is its elliptic-curve analogue, standardized by ANSI and NIST), so if you are paranoid don't use 'em
instead, we'll be talking about RSA stuff today (mostly)*

*RSA the algorithm (Rivest, Shamir, Adleman, 1977) predates RSA the corporation. what the corporation was reported (Reuters, December 2013) to have been paid by the NSA for was making the Dual_EC_DRBG random number generator the default in its BSAFE library, not weakening RSA itself. so if you're paranoid: most of the standards have the NSA's fingerprints somewhere, and writing your own encryption is still the wrong answer.
items 9 to 16 (ECDHE-RSA-RC4-SHA through AES128-SHA): these are for old browsers, specifically SSLv3-era ones. all of them are "broken"; some are more broken than others, though.

the AES-CBC ones among them (ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, DHE-RSA-AES128-SHA, AES256-SHA, AES128-SHA) expose you to BEAST under SSLv3 and TLS 1.0 because of CBC mode with chained, predictable IVs (and, on SSLv3 itself, POODLE). it is not AES that is broken but the way those protocol versions use CBC. that's why these ciphers are the least desired; if you can get away with it, turn them off.
the RC4 ones (ECDHE-RSA-RC4-SHA, ECDH-RSA-RC4-SHA, RC4-SHA): these are for old browsers too. at the time of this talk the received wisdom was "RC4 is broken too, but only by the NSA; since it's less likely the NSA will be after your data (compared to some rando with knowledge of BEAST), RC4 is slightly less bad". that is no longer true: RC4's keystream biases were shown to recover TLS plaintext in public research in 2013 (AlFardan, Bernstein, Paterson, Poettering and Schuldt), and RFC 7465 (2015) prohibits RC4 in TLS outright. rank it below the CBC suites, or better, drop it and fix BEAST by offering TLS 1.1 and later instead.
THERE IS ONLY ONE GIFT YOU GET WITH TLS ON TODAY'S INTERNET:

Forward Secrecy! :)

without forward secrecy… (plain RSA key exchange: the client encrypts the session secret to the server's certificate key, so whoever records the traffic and later obtains that key reads every past session)

with forward secrecy…
1) client says hello
   - passes a list of supported ciphers, in priority order
   - other capabilities like SNI
2) server says hello
   - picks a cipher, passes certificate chain
   - other capabilities like NPN/ALPN
3) generate ephemeral forward secrecy key: a fresh (EC)DHE key pair for this session only, signed with the long-term key and thrown away after the handshake
n) they agree and connect
   - a cipher is chosen!
   - a protocol is selected!
   - keys are exchanged!

… awhile later … the long-term key leaks, and the recorded sessions still can't be read.
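The handshake sketches above describe forward secrecy in words. This is an added example, not from the talk, that runs both models side by side in plain Python: a key-transport handshake where the premaster secret is sealed under the server's long-term key, and an ephemeral DH handshake where that key only signs the server's public value. A recorded transcript plus a later key leak recovers the session key in the first case and nothing in the second. Assumptions: the DH group is RFC 2409's 1024-bit group 2, reproduced from memory and re-checked for safe-primality before use (too small for production, fine for showing the mechanism); the long-term key and the sealing function are symmetric stand-ins for RSA, which the standard library lacks; every name is the example's own.

```python
"""Forward secrecy, worked: key transport vs. ephemeral DH (added example, not from the talk)."""
import hashlib
import hmac
import secrets

# 1024-bit MODP group 2 from RFC 2409, reproduced from memory and re-verified as a safe
# prime by check_group(). Illustration only: deployed DHE uses >= 2048-bit groups
# (RFC 7919) or ECDHE curves. The group is public by design; only the exponents are secret.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8

# Stand-in for the server's certificate private key: a symmetric secret, because the
# standard library has no RSA. The argument does not depend on the signature scheme.
LONG_TERM_KEY = secrets.token_bytes(32)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases: enough to sanity-check published parameters."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group():
    """Accept a DH group only if p is a safe prime (p = 2q + 1, q prime) and g is in range."""
    return is_probable_prime(P) and is_probable_prime((P - 1) // 2) and 1 < G < P - 1


def kdf(secret, label):
    """Session key from a shared secret; HMAC-SHA256 stands in for the TLS PRF."""
    return hmac.new(label, secret, hashlib.sha256).digest()


def seal_to_long_term_key(data):
    """Stand-in for RSA-encrypting to the certificate key (XOR with a key-derived stream)."""
    stream = b"".join(hashlib.sha256(LONG_TERM_KEY + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))   # symmetric: the same call decrypts


def session_key_transport():
    """TLS RSA key exchange: the premaster secret travels encrypted under the cert key."""
    premaster = secrets.token_bytes(48)
    transcript = {"encrypted_premaster": seal_to_long_term_key(premaster)}
    client_key = kdf(premaster, b"key transport")
    server_key = kdf(seal_to_long_term_key(transcript["encrypted_premaster"]), b"key transport")
    return client_key, server_key, transcript


def session_dhe():
    """(EC)DHE: fresh exponents per session; the cert key only signs the server's public value."""
    x = secrets.randbelow(P - 3) + 2                     # server ephemeral, erased after handshake
    y = secrets.randbelow(P - 3) + 2                     # client ephemeral
    A, B = pow(G, x, P), pow(G, y, P)
    for pub in (A, B):                                   # reject 0, 1 and p-1 (RFC 2631 check)
        if not 1 < pub < P - 1:
            raise ValueError("degenerate DH public value")
    signature = hmac.new(LONG_TERM_KEY, A.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    client_key = kdf(pow(A, y, P).to_bytes(P_BYTES, "big"), b"dhe")
    server_key = kdf(pow(B, x, P).to_bytes(P_BYTES, "big"), b"dhe")
    transcript = {"A": A, "B": B, "signature": signature}   # x and y are not retained anywhere
    return client_key, server_key, transcript


def attacker_after_key_leak(transcript):
    """Passive attacker who recorded the handshake and later obtained LONG_TERM_KEY."""
    if "encrypted_premaster" in transcript:
        # Key transport: the leaked key opens the recorded premaster secret directly.
        return {"can_impersonate_now": True,
                "past_session_key": kdf(seal_to_long_term_key(transcript["encrypted_premaster"]),
                                        b"key transport")}
    # DHE: the leaked key lets the attacker forge future signatures, but the recorded A and B
    # only yield g^(xy) with x or y, and both were erased. Discrete log or nothing.
    expected = hmac.new(LONG_TERM_KEY, transcript["A"].to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    return {"can_impersonate_now": hmac.compare_digest(expected, transcript["signature"]),
            "past_session_key": None}


if __name__ == "__main__":
    assert check_group(), "refusing to use an unverified DH group"
    ck, _, tr = session_key_transport()
    print("key transport, key leaked later, session recovered:", attacker_after_key_leak(tr)["past_session_key"] == ck)
    ck, _, tr = session_dhe()
    print("DHE, key leaked later, session recovered:", attacker_after_key_leak(tr)["past_session_key"] == ck)
```

Run as a script it prints True for key transport and False for DHE; in both cases the attacker can impersonate the server from the moment of the leak, which is the damage forward secrecy does not prevent. check_group() is the habit worth keeping: validate DH parameters and peer public values before using them, and in nginx point ssl_dhparam at a group of at least 2048 bits or rely on ECDHE.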
the SHA-1 suites (items 9 to 16 again) are also what you get for TLS 1.0 clients: RC4 is still prioritized, and AES-CBC is still broken :( BEAST is the CBC problem; CRIME (TLS-level compression) and BREACH (HTTP-level compression) are compression side channels and don't care which cipher you pick. turn TLS compression off, and deal with BREACH in the application.
items 1, 2, 7 and 8, the GCM suites: GCM is unbroken! Yay! (AEAD: no CBC padding, no MAC-then-encrypt, and TLS 1.2 only)

items 3 to 6, AES-CBC with SHA-256/SHA-384: AES-CBC is unbroken in TLS 1.2, but only because TLS 1.1 and later give each record an explicit IV (which kills BEAST) and because you have turned compression off (which kills CRIME). forward secrecy is a separate gift and does nothing for CBC. the MAC-then-encrypt construction still has a history of padding-oracle timing attacks (Lucky Thirteen), so keep the GCM suites ranked above these.
The future!
OCSP Stapling
1) OCSP is a way for a client to ask the CA whether a certificate is still valid
2) Certs can be revoked by the CA when their keys are compromised
3) "Stapling" a signed, time-limited OCSP response into the TLS handshake (the server fetches it from the CA and sends it alongside its certificate, via the status_request extension) saves the client the round trip to the CA, keeps the CA from seeing who is visiting you, and can speed up connection setup significantly
ECC & DSA Certificates
1) ECC (ECDSA keys and certificates) is an alternative public-key family to RSA or DSA
2) ECC keys are faster to sign and verify, and stronger than RSA and DSA at much smaller key sizes
3) Almost nobody supports it (CA's and browsers both, at the time of this talk). CA's: Symantec is the only one I've found. Browsers: the usual modern suspects (WebKit / Blink / SpiderMonkey, barely any Trident)

| structure | how key size must grow with security level | AES-128 equivalent key | maths |
|---|---|---|---|
| ECC | linear (about twice the security bits) | 256-bit | elliptic curves |
| DSA | exponential (sub-exponential attacks exist, so keys grow much faster than linearly) | 3,072-bit | finite fields |
| RSA | exponential (same reason) | 3,072-bit | integer factorization |
Salsa20 / Poly1305
1) These are new ciphers for TLS pushed by Google and designed by Daniel J. Bernstein (Google's implementation uses ChaCha20, Salsa20's successor, paired with Poly1305)
2) They haven't been chill enough to share 'em yet* (at the time of this talk; ChaCha20-Poly1305 for TLS was later standardized as RFC 7905)
3) Salsa20/ChaCha20 is a stream cipher (replaces RC4!) that is fast, especially on hardware without AES acceleration
4) Poly1305 is a one-time MAC; combined with ChaCha20 it forms an AEAD, so there is a second unbroken authenticated cipher to fall back on if AES-GCM ever fails us the way AES-CBC did
5) Would be great to have server-side, but only Chrome supports this stuff yet

*there might be some patches for OpenSSL that may or may not work in the Chromium source tree… :)
AES-GCM Support
1) GCM-based suites were only introduced in TLSv1.2, so a client needs TLS 1.2 to use them
2) Chrome (>=31) is all good, so are Firefox and Safari
3) IE 11 is all good (sometimes)
4) >=iOS 5 should have it; Android …
5) Java support is spotty
Q&A / Experiences