HTTPS presentation at Port80 Sydney meetup March 2016

Transcript of HTTPS presentation at Port80 Sydney meetup March 2016

Page 1

HTTPS

Renaming the meetup to Port443

Page 2

Why I care about HTTPS

• section.io is an agile Content Delivery Network

• We maintain a Qualys SSL Labs Grade A rating

• Our own site, blog, and portal are full HTTPS

• We help our customers transition to full HTTPS

• I’m personally passionate about security

Page 3

Why should you care about HTTPS?

• You’re already here anyway

• A 42% increase for Alexa Top 1 Million in 6 months

• Hopefully the following presentation will help

Page 4

SSL is dead

• HTTP = Hypertext Transfer Protocol

• HTTPS = HTTP Secure

• TLS = Transport Layer Security, now at version 1.2

• SSL = Secure Sockets Layer

• SSL v3 is effectively dead since POODLE in 2014

• SSL v2 just became even deader with DROWN this month

• X.509 Certificate

Page 5

Mixed mode requests

• When a page served over HTTPS contains http:// URLs

• Since October 2015, Chrome removes the padlock.

• Content Security Policies can help fix the broken http:// URLs

• Protocol relative URLs reduce cache effectiveness:

• http://domain/resource => //domain/resource

• https://domain/resource => //domain/resource

Page 6

Cross-Origin Resource Sharing

• Making an AJAX request to a different “origin”

• CORS considers HTTP and HTTPS to be different origins:

• http://example.com ≠ http://different.com

• http://example.com ≠ https://example.com

• Send CORS headers for HTTPS requests:

• Access-Control-Allow-Origin: http://example.com

Page 7

Secure Cookies

• When the Set-Cookie header includes the secure attribute

• The browser will only send the cookie over HTTPS

• Except: a non-HTTPS resource can write to a Secure Cookie

• An IETF draft is coming to correct this

• Prefixed cookies are also in an IETF draft

• Set-Cookie: __Secure-example; Secure;

• Set-Cookie: __Host-example; Secure; Path=/
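An added example, not from the presentation, showing what a prefix-aware browser checks when it receives the Set-Cookie headers on this slide: the __Secure- prefix demands the Secure attribute, the __Host- prefix additionally demands Path=/ and no Domain attribute, and (the rule the other IETF draft on the slide introduces) a Secure cookie is not accepted from a plain-HTTP response. Function names, the error strings and the `over_https` parameter are assumptions made for this example.

```python
# Added example, not the presenter's code: a checker for Set-Cookie headers
# that models the cookie-prefix rules and the "Secure cookies only over HTTPS"
# rule from the IETF drafts mentioned on the slide. A browser implementing
# them rejects the whole Set-Cookie when a rule is violated, which is what
# stops a plain-HTTP response from overwriting a Secure cookie.

def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:  # tolerate a trailing ';' as on the slide
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def set_cookie_problems(header: str, over_https: bool = True) -> list:
    """Reasons a prefix-aware browser would reject this cookie (empty = accepted).

    over_https says whether the response carrying the header came over HTTPS
    (assumed parameter; a browser knows this from the connection).
    """
    name, _value, attrs = parse_set_cookie(header)
    problems = []
    prefixed = name.startswith("__Secure-") or name.startswith("__Host-")
    if prefixed and "secure" not in attrs:
        problems.append("prefixed cookie is missing the Secure attribute")
    if name.startswith("__Host-"):
        # __Host- locks the cookie to exactly the host that set it.
        if attrs.get("path") != "/":
            problems.append("__Host- cookie must have Path=/")
        if "domain" in attrs:
            problems.append("__Host- cookie must not have a Domain attribute")
    if "secure" in attrs and not over_https:
        # Without this rule the Secure attribute only restricts *sending*;
        # any HTTP response could still overwrite the cookie.
        problems.append("Secure cookie set over plain HTTP (overwrite risk)")
    return problems
```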

Page 8

Referrers

• The Referer header informs the server where you’re coming from

• The header is not sent when navigating from HTTPS to HTTP

• A W3C draft is coming for “Referrer Policies” to override this

• Controlled by the source page, not the destination

• Can choose to reveal the full URL, only the domain, or neither

Page 9

HTTPS Validation

• Has the certificate expired?

• Does my browser trust a certificate in the certificate chain?

• Has the certificate been revoked by the authority?

• and …

Page 10

Does the name match?

• Common Name

• CN=www.example.com

• Wildcard

• CN=*.example.com

• ≠ example.com

• ≠ two.levels.example.com

• Subject Alternative Name (SAN)

• CN=*.example.com

• SAN=example.com, two.levels.example.com, different.com
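An added example, not from the presentation, implementing the name-matching rules this slide lists: an exact CN match, a wildcard that stands in for exactly one label (so *.example.com covers www.example.com but not example.com or two.levels.example.com), and SAN entries. It goes one step beyond the slide by applying the RFC 6125 rule that browsers follow, under which the CN is ignored once DNS SANs are present. Function names and the sample values are assumptions.

```python
# Added example, not the presenter's code: hostname matching against a
# certificate's Common Name (CN) and Subject Alternative Names (SAN).

def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive DNS-name match allowing one leading wildcard label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard replaces exactly one label, so *.example.com matches
    # www.example.com but neither example.com nor two.levels.example.com.
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    # Refuse wildcards that would cover a whole TLD, such as *.com.
    if len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_matches(hostname: str, common_name: str, sans: list) -> bool:
    """True if the certificate covers hostname.

    When the certificate carries DNS SANs the CN is ignored (RFC 6125),
    which is why CAs repeat the CN as one of the SAN entries.
    """
    dns_sans = [s for s in sans if s]
    if dns_sans:
        return any(name_matches(san, hostname) for san in dns_sans)
    return name_matches(common_name, hostname)


if __name__ == "__main__":
    # Constructed values mirroring the slide's examples.
    print(certificate_matches("www.example.com", "*.example.com", []))  # True
    print(certificate_matches("example.com", "*.example.com", []))      # False
    sans = ["*.example.com", "example.com", "two.levels.example.com", "different.com"]
    print(certificate_matches("two.levels.example.com", "*.example.com", sans))  # True
```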

Page 11

Extended Validation Certificates

• Show the fancy green address bar

• A lot more paperwork

Page 12

Certificate Signature Hash function

• SHA256 is the current preference

• SHA1 signatures are now reporting as insecure in browsers

• Internet Explorer silently terminates the connection for MD5

Page 13

Server Name Indication (SNI)

• Browser sends the domain name before it receives the certificate

• Normally only the IP address and port number are available

• Host request header gets sent after TLS handshake has completed

• All modern browsers and devices support SNI

• Server tools and programming frameworks often need to opt-in

• TL;DR one IP address is enough

Page 14

HTTP Strict Transport Security (HSTS)

• HTTP response headers indicating to use only HTTPS for this site

• And optionally all subdomains too.

• Has a duration for which the browser should remember this.

• 6-month duration required to achieve Qualys Grade A+

• More secure than HTTP 30x redirection.

• Can be submitted for inclusion, hard-coded in the browser.

Page 15

HTTP Public Key Pinning (HPKP)

• HTTP response headers fingerprinting the certificate keys to expect.

• Has a duration for which the browser should remember this.

• Only valid if the header also includes backup fingerprints.

• The backup fingerprints don’t need to be CA-signed certificates

• Preloading is possible (like HSTS)
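An added example, not from the presentation, covering the HSTS slide and this HPKP slide together: it parses the Strict-Transport-Security (RFC 6797) and Public-Key-Pins (RFC 7469) response headers and applies the checks the slides call for, namely an HSTS max-age of at least six months (the Qualys Grade A+ bar) and an HPKP header carrying a max-age plus at least two distinct pin-sha256 values so that a backup key exists. Function names, error strings, the six-month constant and the pin values in the test are assumptions; the includeSubDomains requirement for preloading is the browser preload list's own rule.

```python
# Added example, not the presenter's code: checkers for the HSTS and HPKP
# response headers described on the two slides.

SIX_MONTHS = 180 * 24 * 60 * 60  # 15552000 seconds, assumed A+ threshold


def parse_directives(header: str) -> list:
    """'max-age=300; includeSubDomains' -> [('max-age', '300'), ('includesubdomains', None)].
    Returns a list rather than a dict because HPKP repeats pin-sha256."""
    out = []
    for raw in header.split(";"):
        raw = raw.strip()
        if raw:
            key, sep, val = raw.partition("=")
            out.append((key.strip().lower(), val.strip().strip('"') if sep else None))
    return out


def check_hsts(header: str) -> list:
    """Problems with an HSTS header; an empty list means it meets the slide's bar."""
    d = dict(parse_directives(header))
    try:
        max_age = int(d.get("max-age"))
    except (TypeError, ValueError):
        return ["missing or non-numeric max-age"]
    problems = []
    if max_age < SIX_MONTHS:
        problems.append("max-age below six months (needed for Qualys A+)")
    # The browser preload list only accepts sites that also cover subdomains.
    if "preload" in d and "includesubdomains" not in d:
        problems.append("preload directive requires includeSubDomains")
    return problems


def check_hpkp(header: str) -> list:
    """Problems with a Public-Key-Pins header; browsers ignore invalid ones."""
    directives = parse_directives(header)
    pins = [v for k, v in directives if k == "pin-sha256" and v]
    problems = []
    if not any(k == "max-age" for k, _ in directives):
        problems.append("missing max-age")
    # One pin must match the served chain and another must be a backup key,
    # so fewer than two distinct pins can never satisfy the spec.
    if len(set(pins)) < 2:
        problems.append("fewer than two distinct pins: no backup key, header is invalid")
    return problems
```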

Page 16

Online Certificate Status Protocol Stapling

• OCSP is a modern solution to Certificate Revocation Lists

• Unfortunately OCSP implementations don’t perform well:

• At least 15% of requests fail

• Successful requests add a median of 350ms to the TLS handshake

• Instead the server can include an OCSP response with the certificate

• Must Staple TLS Feature Extension

Page 17

HTTP/2

• Requires HTTPS in all browsers

• Multiplexing mitigates the TLS handshake costs

• Domain-sharding becomes an anti-pattern

• Connection sharing aids the transition

• Server push

Page 18

TLS 1.0 going out, TLS 1.3 coming in

• Payment Card Industry Data Security Standard (PCI DSS)

• Version 3.1 from April 2015 scheduled TLS 1.0 deprecation for July 2016

• Revised in December 2015 to postpone deprecation to 2018 instead

• TLS v1.3

• TCP Fast Open to send TLS ClientHello with SYN

• Specification has been frozen to allow real-world testing

Page 19

Google Says So

• Page Rank

• Starting August 2014, HTTPS sites are given a (slightly) higher rank.

• Rank only awarded to “strong” HTTPS.

• Geo-location and WebRTC only for HTTPS sites in Chrome soon

Page 20

Let’s Encrypt

• Free certificates

• Trusted in all modern browsers and devices

• Automated Domain Control Validation

• Automated installation on the web server

• Automated renewal

• Standardised protocols

• Open source implementation

• https://letsencrypt.org/

Page 21

Thank you

• Jason Stangroome

• @jstangroome

• https://section.io/

• https://blog.stangroome.com/

HTTPS: you cannot spell respect without an S. – Eric Lawrence