HTTPS presentation at Port80 Sydney meetup March 2016
-
Upload
jason-stangroome -
Category
Internet
-
view
235 -
download
1
Transcript of HTTPS presentation at Port80 Sydney meetup March 2016
HTTPSRenaming the meetup to Port443
Why I care about HTTPS
• section.io is an agile Content Delivery Network
•We maintain a Qualys SSL Labs Grade A rating
•Our own site, blog, and portal are full HTTPS
•We help our customers transition to full HTTPS
• I’m personally passionate about security
Why should you care about HTTPS?
• You’re already here anyway
•A 42% increase for Alexa Top 1 Million in 6 months
•Hopefully the following presentation will help
SSL is dead
•HTTP = Hypertext Transfer Protocol
•HTTPS = HTTP Secure
• TLS = Transport Layer Security, now at version 1.2
• SSL = Secure Sockets Layer• SSL v3 is effectively dead since POODLE in 2014• SSL v2 just became even deader with DROWN this month
•X.509 Certificate
Mixed mode requests
• When a page served over HTTPS contains http:// URLs
• Since October 2015, Chrome removes the padlock.• Content Security Policies can help fix the broken http:// URLs
• Protocol relative URLs reduce cache effectiveness:• http://domain/resource => //domain/resource
• https://domain/resource => //domain/resource
Cross-Origin Resource Sharing
• Making an AJAX request to a different “origin”
• CORS considers HTTP and HTTPS to be different origins:• http://example.com ≠ http://different.com
• http://example.com ≠ https://example.com
• Send CORS headers for HTTPS requests:• Access-Control-Allow-Origin: http://example.com
• When the Set-Cookie header includes the secure attribute
• The browser will only send the cookie over HTTPS
• Except: a non-HTTPS resource can write to a Secure Cookie• An IETF draft is coming to correct this
• Prefixed cookies are also in an IETF draft• Set-Cookie: __Secure-example; Secure;
• Set-Cookie: __Host-example; Secure; Path=/
Secure Cookies
Referrers
• The Referer header informs the server where you’re coming from
• The header is not sent when navigating from HTTPS to HTTP
• A W3C draft is coming for “Referrer Policies” to override this• Controlled by the source page, not the destination
• Can choose to reveal the full URL, only the domain, or neither
HTTPS Validation
• Has the certificate expired?
• Does my browser trust a certificate in the certificate chain?
• Has the certificate been revoked by the authority?
• and …
Does the name match?
• Common Name• CN=www.example.com
• Wildcard• CN=*.example.com
• ≠ example.com
• ≠ two.levels.example.com
• Subject Alternative Name (SAN)• CN=*.example.comSAN=example.com, two.levels.example.com, different.com
Extended Validation Certificates
• Show the fancy green address bar
• A lot more paperwork
Certificate Signature Hash function
• SHA256 is the current preference
• SHA1 signatures are now reporting as insecure in browsers
• Internet Explorer silently terminates the connection for MD5
Server Name Indication (SNI)
• Browser sends the domain name before it receives the certificate• Normally only the IP address and port number are available
• Host request header gets sent after TLS handshake has completed
• All modern browsers and devices support SNI
• Server tools and programming frameworks often need to opt-in
• TL;DR one IP address is enough
HTTP Strict Transport Security (HSTS)
• HTTP response headers indicating to use only HTTPS for this site• And optionally all subdomains too.
• Has a duration for which the browser should remember this.• 6-month duration required to achieve Qualys Grade A+
• More secure than HTTP 30x redirection.
• Can be submitted for inclusion, hard-coded in the browser.
HTTP Public Key Pinning (HPKP)
• HTTP response headers fingerprinting the certificate keys to expect.
• Has a duration for which the browser should remember this.
• Only valid if the header also includes backup fingerprints.• The backup fingerprints don’t need to be CA-signed certificates
• Preloading is possible (like HSTS)
Online Certificate Status Protocol Stapling
• OCSP is a modern solution to Certificate Revocation Lists
• Unfortunately OCSP implementations don’t perform well:• At least 15% of requests fail
• Successful requests add a median of 350ms to the TLS handshake
• Instead the server can include an OCSP response with the certificate
• Must Staple TLS Feature Extension
HTTP/2
• Requires HTTPS in all browsers
• Multiplexing mitigates the TLS handshake costs• Domain-sharding becomes an anti-pattern
• Connection sharing aids the transition
• Server push
TLS 1.0 going out, TLS 1.3 coming in
• Payment Card Industry Data Security Standard (PCI DSS)• Version 3.1 from April 2015 scheduled TLS 1.0 deprecation for July 2016
• Revised in December 2015 to postpone deprecation to 2018 instead
• TLS v1.3• TCP Fast Open to send TLS ClientHello with SYN
• Specification has been frozen to allow real-world testing
Google Says So
• Page Rank• Starting August 2014, HTTPS sites are given a (slightly) higher rank.
• Rank only awarded to “strong” HTTPS.
• Geo-location and WebRTC only for HTTPS sites in Chrome soon
Let’s Encrypt
• Free certificates
• Trusted in all modern browsers and devices
• Automated Domain Control Validation
• Automated installation on the web server
• Automated renewal
• Standardised protocols
• Open source implementation
• https://letsencrypt.org/
Thank you
• Jason Stangroome
• @jstangroome
• https://section.io/
• https://blog.stangroome.com/
HTTPS: you cannot spell respect without an S. – Eric Lawrence