Maximizing Performance with SPDY & SSL Billy Hoffman [email protected] @zoompf


Page 1: Maximizing Performance with SPDY & SSL - Maximizing...SPDY Optimization • SPDY only works over SSL • Ensure that all your traffic if over SSL • HTTP 301 direct for http: to https:

Maximizing Performance with SPDY & SSL

Billy Hoffman

[email protected] @zoompf

Page 2

What is SPDY?

Page 3

Massive Browser Support

Page 4

Massive Server Support

Page 5

Cast of Characters

• TCP
• HTTP
• SSL
• X.509 Certificate
• Cryptography (asymmetric & symmetric)
• SPDY

Page 6

HTTP/HTTPS

Page 7

HTTP/SPDY/SSL Sandwich

• SPDY encapsulates HTTP requests
  – Single multiplexed stream
• Transmits contents over SSL channel

Page 8

Today’s Focus

• Setting the Stage for SPDY
  – Can speak SSL with a server
  – Can create a valid SSL connection
  – Client and server agree to use SPDY
• Optimizing SPDY
  – Optimizing SSL
  – Optimizing SPDY
  – Avoiding optimizations that hurt SPDY
• Tools to help

Page 9

SETTING THE STAGE FOR SPDY

Page 10

SSL Connectivity

• Hostname resolves
• IP is reachable
• Web server is listening on SSL port
• Web server understands SSL
• Web server knows which site you want
  – Shared hosting and SNI

Page 11

Listener on 443 is speaking SSL?

Page 12

Creating a Valid SSL connection

•  Agreement on crypto algorithms

•  X.509 certificate is valid

Page 13

X.509 Cert: Correct Domain?

Page 14

X.509 Cert: Valid Time Period?

Page 15

X.509 Cert: Is it Trusted?

Page 16

X.509 Cert: Is it Trusted?

• Do I trust the issuer?
  – If not, was it signed by someone I trust?
• Has it been revoked?
  – CRL lists
  – Online Certificate Status Protocol (OCSP)

Page 17

Agreeing to Use SPDY

• Client tells server it supports SPDY
• Server tells client it supports SPDY
• Client sends SPDY over SSL
• Else, falls back to HTTP over SSL

Page 18

SSL Handshake

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Page 19

Announcing SPDY support in the SSL Handshake

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Diagram annotations: + Ext:13172/ALPN, + NPN/ALPN

Page 20

ClientHello with Extension 13172

Page 21

ServerHello with NPN

Page 22

Review: Speaking SPDY

• Client resolves and connects to SSL port
• Client announces SPDY support inside ClientHello
• Server announces SPDY support in ServerHello
• Client validates X.509 cert, finalizes SSL connection
• SPDY conversation happens
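As an added example (not code from the talk or from SPDYCheck), the following Python shows what the ClientHello side of slides 17 to 22 looks like on the wire: it builds a minimal ClientHello and parses its extension list, reporting the SNI host name (slide 10), whether the empty NPN extension (type 13172) is present, and any protocol names offered through ALPN (type 16). The message bytes are constructed inline; field layouts follow RFC 5246, RFC 6066 and RFC 7301.

```python
import struct

EXT_SNI, EXT_ALPN, EXT_NPN = 0, 16, 13172   # RFC 6066, RFC 7301, NPN draft (0x3374)

def build_client_hello(host: str, alpn=(), npn=False) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello body (sample data, not a capture)."""
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", EXT_SNI, len(sni)) + sni
    if npn:                      # NPN is empty in ClientHello; server lists protocols
        exts += struct.pack("!HH", EXT_NPN, 0)
    if alpn:
        names = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
        lst = struct.pack("!H", len(names)) + names
        exts += struct.pack("!HH", EXT_ALPN, len(lst)) + lst
    # version, 32-byte random, empty session id, one cipher suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    return body + struct.pack("!H", len(exts)) + exts

def parse_client_hello(body: bytes) -> dict:
    """Skip the fixed fields, then walk the extension list."""
    pos = 2 + 32
    pos += 1 + body[pos]                                   # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher suites
    pos += 1 + body[pos]                                   # compression methods
    info = {"sni": None, "alpn": [], "npn": False}
    if pos >= len(body):                                   # no extensions block at all
        return info
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype == EXT_NPN:
            info["npn"] = True
        elif etype == EXT_ALPN:              # 2-byte list length, then 1-byte-prefixed names
            i, lst_end = 2, 2 + struct.unpack("!H", data[:2])[0]
            while i < lst_end:
                n = data[i]
                info["alpn"].append(data[i + 1:i + 1 + n].decode())
                i += 1 + n
        elif etype == EXT_SNI:               # list length(2), type(1), name length(2), name
            n = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + n].decode()
    # SPDY can be negotiated if NPN is present or ALPN offers a spdy/* name
    info["spdy"] = info["npn"] or any(p.startswith("spdy/") for p in info["alpn"])
    return info
```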

Page 23

OPTIMIZING SSL/SPDY

Page 24

The SSL Tarpits

• SSL handshake requires 2 round trips
• Certificates can be large
• Certificates need to be validated
• Keys can be too large
• Algorithms can be slow

Page 25

The SSL Handshake is Costly!

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Page 26

Resume SSL Session

• Avoid regenerating keys
• Avoid unneeded trips
• 2 methods

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Page 27

Session Identifiers

• Both sides keep state/cache
• Reuse based on id
• Widely supported

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Diagram annotations: "sessionid: 3a8a…"; "Big cache of all ids given out, and associated keys/ciphers"

Page 28

Session Tickets

• Client stores “Magic Ticket”
• RFC 5077, optional
• No IIS support

Microsoft Technet: How TLS/SSL Works http://bit.ly/16Zx0en

Diagram annotations: "Encrypted summary of keys/ciphers, signed by server"; "Verifies summary is valid, uses values"

Page 29

SSL False Start

Page 30

False Start: Not Gone

• “The Failure of False Start”
• Chrome still does it!
  – Desktop and mobile
• Any server that supports NPN! (with forward secrecy)
  – Any server with SPDY support…
  – Or SSL + NPN, but only announces HTTP/1.1!

Page 31

Minimize the Certificate Chain

Page 32

OCSP Validation causes delays

Page 33

OCSP Stapling

• Good in theory, bad in practice
• Browsers are moving away from OCSP

Page 34

Oversized Asymmetric Keys

• 1024 is fine
• 2048 for banks
• Anything more is overkill

Page 35

Cipher Order/Choice Matters

• RC4 is the best
• Unless on a machine with AES-NI
  – Intel i7, Xeons, some AMD
  – Not most virtual machines!!!
• First match wins

http://zombe.es/post/4078724716

Page 36

Is SSL really helping you?

• SSL doesn’t “secure” your website
  – Prevents eavesdropping, tampering
  – Not XSS, CSRF, SQL Injection, unpatched/out-of-date software, RCE, LFI, etc.
• Consider: NULL-MD5, NULL-SHA
• SSL with no encryption

Page 37

“Does this really matter?”

• Seriously?
• 1024 more bytes in key?
• 2 more kilobytes in the X.509 cert?
• Accidentally using AES-256?
• Really?

Page 38

“Does this really matter?”

Page 39

SPDY Optimization

• SPDY only works over SSL
• Ensure that all your traffic is over SSL
• HTTP 301 redirect for http: to https:
  – Add a cache-control header!
• HTTP Strict Transport Security (HSTS)
  – Like the browser’s cache, but for protocol access. Make (semi) far future
  – Wide support (>90% of SPDY capable browsers)

Page 40

Avoid These Optimizations

• Domain Sharding
  – Hack to request multiplexing, not needed
  – Hurts SPDY by spreading requests out
• JavaScript CDNs
  – These are a horrible blight on the web!
  – http://statichtml.com/2011/google-ajax-libraries-caching.html
  – https://github.com/h5bp/html5-boilerplate/pull/1327

Page 41

TOOLS

Page 42

SSL Labs

Page 43

SPDYCheck.org

Page 44

Now on Github, GPL licensed!

Page 45

SSL/SPDY Optimization Check List

• Website responds over SSL/443
• Website has NPN extension (even without SPDY, for False Start)
• X.509 certificate is valid
• X.509 chain is short
• SSL asymmetric keys are <= 2048
• Cipher is RC4 (or AES-128 if supports dedicated instructions)

Page 46

SSL/SPDY Optimization Check List

• SSL session resumption is enabled (both identifiers and tickets)
• No SSL compression
• Website is using latest version of SPDY
• HTTP permanently (301) redirects to HTTPS (including cache header)
• HTTPS sends HTTP Strict Transport Security header
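The two HTTP-layer items of this checklist (the cacheable 301 to HTTPS and the HSTS header, which the SPDY Optimization slide also calls for) can be checked mechanically from response headers. This Python is an added example, not the talk's or SPDYCheck's code; the sample responses are constructed, and the six-month HSTS threshold is this example's own assumption, not a value from the slides.

```python
import re

def check_http_redirect(status: int, headers: dict) -> list:
    """Findings for the plain-http response: it should be a cacheable 301 to https."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}
    if status != 301:
        findings.append(f"http response is {status}, not a permanent 301 redirect")
    if not h.get("location", "").lower().startswith("https://"):
        findings.append("Location header does not point at an https:// URL")
    cc = h.get("cache-control", "")
    m = re.search(r"max-age=(\d+)", cc)
    if re.search(r"no-store|no-cache", cc) or not m or int(m.group(1)) == 0:
        findings.append("redirect carries no caching Cache-Control header (browser re-requests it)")
    return findings

def check_hsts(headers: dict, min_age: int = 180 * 86400) -> list:
    """Findings for the https response. Browsers ignore HSTS sent over plain http,
    so only the https response counts. min_age (six months) is this example's
    threshold for a "(semi) far future" policy, not a number from the talk."""
    h = {k.lower(): v for k, v in headers.items()}
    hsts = h.get("strict-transport-security")
    if hsts is None:
        return ["no Strict-Transport-Security header on the https response"]
    m = re.search(r"max-age=(\d+)", hsts)
    if not m:
        return ["Strict-Transport-Security header has no max-age directive"]
    if int(m.group(1)) < min_age:
        return [f"HSTS max-age {m.group(1)}s is shorter than {min_age}s"]
    return []

def audit(http_status: int, http_headers: dict, https_headers: dict) -> dict:
    """Run both checks; an empty list for a key means that checklist item passes."""
    return {"redirect": check_http_redirect(http_status, http_headers),
            "hsts": check_hsts(https_headers)}

# Constructed sample responses (not real captures) for a quick self-check.
GOOD_HTTP = (301, {"Location": "https://www.example.com/", "Cache-Control": "max-age=31536000"})
BAD_HTTP = (302, {"Location": "https://www.example.com/", "Cache-Control": "no-cache"})
GOOD_HTTPS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
BAD_HTTPS = {"Strict-Transport-Security": "max-age=60"}

if __name__ == "__main__":
    print(audit(*GOOD_HTTP, GOOD_HTTPS))
    print(audit(*BAD_HTTP, BAD_HTTPS))
```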

Page 47

Great Resources

• Ivan Ristic (blog.ivanristic.com)
• Adam Langley (www.imperialviolet.org)
• Mark Nottingham (www.mnot.net/blog/)
• Qualys SSL Labs (ssllabs.com)
• SPDYCheck (spdycheck.org)

Page 48

Free Performance Assessment zoompf.com/free

Page 49

Maximizing Performance with SPDY & SSL

Billy Hoffman

[email protected] @zoompf