State-‐of-‐the-‐Art Using TLS

@duongkaiSecurity Bootcamp, Da Nang, 2014

/me✓ Phạm Tùng Dương ✓ Solution Engineer @ISP ✓ Security Interested

This Talk is All About UsingWhen I say SSL It means TLS and/or SSL

It is can be written a bookHope I can do well in this talk!

Yeah, and Some…It’s Soooo Sleepy!

Somewhere on the Earth…

SSL-‐by-‐default

It’s Important Than Ever

Protocol Attacks✓2009: SSL Insecure Renegotiation ✓2011: BEAST ✓2012: CRIME ✓2013: RC4 biases, Lucky 13, BREACH ✓2014: POODLE

And in 2014✓Heartbleed and CCS in OpenSSL ✓Goto in GnuTLS ✓BERserk in Mozilla NSS ➔ 3 Biggest SSL implementations

In Pentest Industry

You Are Doing Wrong✓It’s too complex. ✓Crypto related is often hard to

understand.

SSL IN ACTIONOr Your Service Should Be SSL By Default!

SSL Version✓ First developed in Netscape ✓ SSL v2: Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical

attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed

https://www.trustworthyinternet.org/ssl-‐pulse/

SSL Version✓ First developed in Netscape ✓ SSL v2: Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. It

NOT SECURE NOW. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed

https://www.trustworthyinternet.org/ssl-‐pulse/

Protocol In A Glance

DHE-‐RSA-‐AES256-‐SHA

Cipher Suite

Terms✓CSR, Certificates, EV-‐Cert and CA. ✓Private key. ✓Block ciphers vs Stream ciphers ✓PFS (﴾Letter E)﴿: Perfect Forward Secrecy ✓Curves and Curves: Elliptic Curve ✓X509, PEM, PKCS#12 and conversion. ✓OpenSSL

Checklist1. Updated the latest version (﴾OS, software)﴿ 2. Get an 2048-‐bit certificates from CA. Better if it supports SHA256 3. Know your legacy. 4. Configure TLS on your system. 5. Verify TLS configuration with your own hands.

Explanation2. Get an 2048-‐bit certificates from CA. Better if it supports SHA256 ✓ 1024 bit is weak and can be broken easily.[1] [1]https://isc.sans.edu/diary/Confusion+over+SSL+and+1024+bit+keys/18775 ✓ SHA192 is on the way to be deprecated[2] [2]https://konklone.com/post/why-‐google-‐is-‐hurrying-‐the-‐web-‐to-‐kill-‐sha-‐1 ✓ 4096 is consuming CPU too much

3. Know your legacy ✓ Supported protocol version. ✓ Supported cipher suites. ✓ Your compliance.

Explanation4. Configure TLS on your system. ✓ Avoiding insecure ciphers: RC4, DES, 3DES, MD5, SHA1,… ✓ Turn off SSLv3 support ✓ Turn off compression ✓ AES-‐128 is good enough (﴾both secure and faster)﴿. ✓ Enable PFS if supported. ✓ Switch to using Poly1350, Salsa-‐20 and EC ✓ Reference

https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite https://bettercrypto.org/static/applied-‐crypto-‐hardening.pdf

Explanationssl_protocols  SSLv3  TLSv1  TLSv1.1  TLSv1.2;   ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;  ssl_prefer_server_ciphers  on; CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf

Explanationssl_protocols  SSLv3  TLSv1  TLSv1.1  TLSv1.2;   ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;  ssl_prefer_server_ciphers  on;

CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf

24

Explanation: A+ssl_certificate  /etc/nginx/ssl/server.crt;

ssl_certificate_key  /etc/nginx/ssl/server.key;

ssl_trusted_certificate  /etc/nginx/ssl/AddTrustExternalCARoot.crt;

ssl_dhparam  /etc/nginx/ssl/dhparam.pem;

#  Session  Resumption

ssl_session_timeout  20m;

ssl_prefer_server_ciphers  on;

ssl_session_cache  shared:SSL:20m;

#  Enable  OCSP  stapling  (req.  nginx  v  1.3.7+)

ssl_stapling  on;

ssl_stapling_verify  on;

ssl_protocols  TLSv1.2  TLSv1.1  TLSv1;

ssl_ciphers  ECDHE-­‐RSA-­‐AES256-­‐GCM-­‐SHA384:ECDHE-­‐RSA-­‐AES128-­‐SHA256:ECDHE-­‐RSA-­‐AES128-­‐SHA:DHE-­‐RSA-­‐AES128-­‐SHA:RC4-­‐SHA;

…

add_header  Strict-­‐Transport-­‐Security  "max-­‐age=31536000;  includeSubdomains";

https://gist.github.com/kennwhite/25183c3f05266ee0ad7f

Explanation5. Verify TLS configuration with your own hands. ✓ Openssl s_client ✓ Cipherscan and some browser tools ✓ https://www.howsmyssl.com/ ✓ https://cc.dcsec.uni-‐hannover.de/ ✓ iSec Partner SSLyze ✓ SSLLabs (﴾https://www.ssllabs.com/)﴿ ✓ Make your hands dirty

DEMO TIMEIf I have enough time…

27

Reference[1] HTTPS Everywhere, Ilya Grigorik https://docs.google.com/presentation/d/15H8Sj-‐Zol1tcum0CSylhmXns5r7cvNFtzYrcwAzkTjM/present#slide=id.g12f3ee71d_10 [2] SSL Pulse Project https://www.trustworthyinternet.org/ssl-‐pulse/ [3] How is my SSQL now https://www.howsmyssl.com/ [4] The Art and Science of SSL Configuration, Nick Galbreath https://speakerdeck.com/ngalbreath/the-‐art-‐and-‐science-‐of-‐ssl-‐configuration [5] Bulletproof TLS and SSL, Ivan Ristic, ISBN: 978-‐1907117046 !Special Thanks to authors of photos about Da Nang and Hoi An (on Flickr): pierre_thach, nemesis1903 28

29

Q&A