Sử dụng TLS đúng cách - Phạm Tùng Dương
-
Upload
security-bootcamp -
Category
Presentations & Public Speaking
-
view
288 -
download
7
description
Transcript of Sử dụng TLS đúng cách - Phạm Tùng Dương
State-‐of-‐the-‐Art Using TLS
@duongkaiSecurity Bootcamp, Da Nang, 2014
/me✓ Phạm Tùng Dương ✓ Solution Engineer @ISP ✓ Security Interested
This Talk is All About UsingWhen I say SSL It means TLS and/or SSL
It is can be written a bookHope I can do well in this talk!
Yeah, and Some…It’s Soooo Sleepy!
Somewhere on the Earth…
SSL-‐by-‐default
It’s Important Than Ever
Protocol Attacks✓2009: SSL Insecure Renegotiation ✓2011: BEAST ✓2012: CRIME ✓2013: RC4 biases, Lucky 13, BREACH ✓2014: POODLE
And in 2014✓Heartbleed and CCS in OpenSSL ✓Goto in GnuTLS ✓BERserk in Mozilla NSS ➔ 3 Biggest SSL implementations
In Pentest Industry
You Are Doing Wrong✓It’s too complex. ✓Crypto related is often hard to
understand.
SSL IN ACTIONOr Your Service Should Be SSL By Default!
SSL Version✓ First developed in Netscape ✓ SSL v2: Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical
attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed
https://www.trustworthyinternet.org/ssl-‐pulse/
SSL Version✓ First developed in Netscape ✓ SSL v2: Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. It
NOT SECURE NOW. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed
https://www.trustworthyinternet.org/ssl-‐pulse/
Protocol In A Glance
DHE-‐RSA-‐AES256-‐SHA
Cipher Suite
Terms✓CSR, Certificates, EV-‐Cert and CA. ✓Private key. ✓Block ciphers vs Stream ciphers ✓PFS (﴾Letter E)﴿: Perfect Forward Secrecy ✓Curves and Curves: Elliptic Curve ✓X509, PEM, PKCS#12 and conversion. ✓OpenSSL
Checklist1. Updated the latest version (﴾OS, software)﴿ 2. Get an 2048-‐bit certificates from CA. Better if it supports SHA256 3. Know your legacy. 4. Configure TLS on your system. 5. Verify TLS configuration with your own hands.
Explanation2. Get an 2048-‐bit certificates from CA. Better if it supports SHA256 ✓ 1024 bit is weak and can be broken easily.[1] [1]https://isc.sans.edu/diary/Confusion+over+SSL+and+1024+bit+keys/18775 ✓ SHA192 is on the way to be deprecated[2] [2]https://konklone.com/post/why-‐google-‐is-‐hurrying-‐the-‐web-‐to-‐kill-‐sha-‐1 ✓ 4096 is consuming CPU too much
3. Know your legacy ✓ Supported protocol version. ✓ Supported cipher suites. ✓ Your compliance.
Explanation4. Configure TLS on your system. ✓ Avoiding insecure ciphers: RC4, DES, 3DES, MD5, SHA1,… ✓ Turn off SSLv3 support ✓ Turn off compression ✓ AES-‐128 is good enough (﴾both secure and faster)﴿. ✓ Enable PFS if supported. ✓ Switch to using Poly1350, Salsa-‐20 and EC ✓ Reference
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite https://bettercrypto.org/static/applied-‐crypto-‐hardening.pdf
Explanationssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5; ssl_prefer_server_ciphers on; CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf
Explanationssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5; ssl_prefer_server_ciphers on;
CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf
24
Explanation: A+ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_trusted_certificate /etc/nginx/ssl/AddTrustExternalCARoot.crt;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Session Resumption
ssl_session_timeout 20m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
# Enable OCSP stapling (req. nginx v 1.3.7+)
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-‐RSA-‐AES256-‐GCM-‐SHA384:ECDHE-‐RSA-‐AES128-‐SHA256:ECDHE-‐RSA-‐AES128-‐SHA:DHE-‐RSA-‐AES128-‐SHA:RC4-‐SHA;
…
add_header Strict-‐Transport-‐Security "max-‐age=31536000; includeSubdomains";
https://gist.github.com/kennwhite/25183c3f05266ee0ad7f
Explanation5. Verify TLS configuration with your own hands. ✓ Openssl s_client ✓ Cipherscan and some browser tools ✓ https://www.howsmyssl.com/ ✓ https://cc.dcsec.uni-‐hannover.de/ ✓ iSec Partner SSLyze ✓ SSLLabs (﴾https://www.ssllabs.com/)﴿ ✓ Make your hands dirty
DEMO TIMEIf I have enough time…
27
Reference[1] HTTPS Everywhere, Ilya Grigorik https://docs.google.com/presentation/d/15H8Sj-‐Zol1tcum0CSylhmXns5r7cvNFtzYrcwAzkTjM/present#slide=id.g12f3ee71d_10 [2] SSL Pulse Project https://www.trustworthyinternet.org/ssl-‐pulse/ [3] How is my SSQL now https://www.howsmyssl.com/ [4] The Art and Science of SSL Configuration, Nick Galbreath https://speakerdeck.com/ngalbreath/the-‐art-‐and-‐science-‐of-‐ssl-‐configuration [5] Bulletproof TLS and SSL, Ivan Ristic, ISBN: 978-‐1907117046 !Special Thanks to authors of photos about Da Nang and Hoi An (on Flickr): pierre_thach, nemesis1903 28
29
Q&A