maximizing spdy and ssl performance (june 2014)
DESCRIPTION
Presented at the Atlanta Web Performance Meetup Group on June 2014, Billy Hoffman from Zoompf shows how to improve the performance of your website using SPDY and SSL and discusses SSL issues such as Heartbleed and CRIMETRANSCRIPT
What Is SPDY?
• “Speedy”• Next Gen Web Protocol
– Created by Google in 2009– Basis of HTTP/2 spec
• Designed for speed• Familiar Request/Response model
– Largely abstracted away– Much improved plumbing– Extra features
Massive Browser Support
Massive Server Support
Cast of Characters
• TCP• HTTP• SSL• X.509 Certificate• Cryptography (asymmetric & symmetric) • SPDY
HTTP/HTTPS
HTTP/SPDY/SSL Sandwich
• SPDY encapsulates HTTP requests– Single Multiplexed stream
• Transmits contents over SSL channel
Mapping To Frames
Breaking To Streams
Multiplexing Streams
HTTP Pipelining Revisited
Additional Features
• Server Push!• Header Compression• Body Compression• Better use of TCP connections• Better upgrade approach
Today’s Focus
• Setting the Stage for SPDY– Can speak SSL with a server– Can create a valid SSL connection– Client and Server agree to use SPDY
• Optimizing SPDY– Optimizing SSL– Optimizing SPDY– Avoiding optimizations that hurt SPDY
• Tools to help
SETTING THE STAGE FOR SPDY
SSL Connectivity
• Hostname resolves• IP is reachable• Web server is listening on SSL port• Web server understands SSL• Web server knows which site you want
– Shared Hosting and SNI
Listener on 443 is speaking SSL?
Creating a Valid SSL connection
• Agreement on crypto algorithms
• X.509 certificate is valid
X.509 Cert: Correct Domain?
X.509 Cert: Valid Time Period?
X.509 Cert: Is it Trusted?
X.509 Cert: Is it Trusted?
• Do I trust the issuer?– If not, was it signed by someone I trust?
• Has it been revoked?– CRL lists– Online Certificate Status Protocol (OCSP)
Agreeing to Use SPDY
• Client tells server it supports SPDY• Server tells client it supports SPDY• Client sends SPDY over SSL• Else, falls back to HTTP over SSL
SSL Handshake
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
Announcing SPDY support in the SSL Handshake
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
+ Ext:13172/AL
PN
+ NPN/ALPN
+ Ext:13172/ALPN
ClientHello with Extension 13172
ServerHello with NPN
Review: Speaking SPDY
• Client resolves and connects to SSL port• Client announces SPDY support inside
ClientHello • Server announces SPDY support in
ServerHello• Client validates X.509 cert, finalized SSL
connection• SPDY conversation happens
OPTIMIZING SSL/SPDY
The SSL Tarpits
• SSL handshake requires 2 round trips• Certificates can be large• Certificates need to be validated• Keys can be too large• Algorithms can be slow• Revocation
The SSL Handshake is Costly!
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
Resume SSL Session
• Avoid regenerating keys• Avoid unneeded trips• 2 methods
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
• Both sides keep state/cache• Reuse based on id• Widely supported
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
sessionid: 3a8a…
Big cache of all ids given
out, and associated
keys/ciphers
Session Identifiers
• Client stores “Magic Ticket”• RFC 5077, optional• No IIS support
Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en
Encrypted summary of keys/ciphers, signed by
server
Verifies summary is valid, uses
values
Session Tickets
SSL False Start
False Start: Not Gone
• “The Failure of False Start”• Chrome still does it!
– Desktop and mobile• Any server that supports NPN! (with
forward secure)– Any server with SPDY support…– Or SSL + NPN, but only announces HTTP/1.1!
Minimize the Certificate Chain
OCSP Validation causes delays
OCSP Stapling
• Good in theory, bad in practice• Browsers are moving away from OSCP
Heartbleed Ruined The Dream
• OCSP doesn’t scale
• DoS targets• We can’t do this
well
Oversized Asymmetric Keys
• 1024 is fine• 2048 for banks• Anything more is
overkill
Cipher Order/Choice Matters
• RC4 is the best• Unless on a
machine with AES-NI– Intel i7, Xeons,
some AMD– Not most virtual
machines!!!• First match wins
http://zombe.es/post/4078724716
Amazon EC2
• Partnered with Intel• Stop using M1!
Is SSL really helping you?
• SSL doesn’t “secure” your website– Prevents eavesdropping, tampering– Not XSS, CSRF, SQL Injection, Unpatched/out-
of-date software, RCE, LFI, etc.• Consider: NULL-MD5, NULL-SHA• SSL with no encryption
“Does this really matter?”
• Seriously?• 1024 more bytes in key?• 2 more kilobytes in the X.509 cert?• Accidently using AES-256?• Really?
“Does this really matter?”
OMG WTF MS?
SPDY Optimization
• SPDY only works over SSL• Ensure that all your traffic if over SSL• HTTP 301 direct for http: to https:
– Add a cache-control header!• HTTP Strict Transport Security (HSTS)
– Like the browser’s cache, but for protocol access. Make (semi) far future
– Wide support (>90% of SPDY capable browsers)
Avoid These Optimizations
• Domain Sharding– Hack to request multiplexing, not needed– Hurts SPDY by spreading requests out
• JavaScript CDNs– These are a horrible blight on the web!– http://statichtml.com/2011/google-ajax-
libraries-caching.html– https://github.com/h5bp/html5-boilerplate/
pull/1327
TOOLS
SSL Labs
SPDYCheck.org
Now on Github, GPL licensed!
SSL/SPDY Optimization Check List
• Website responds over SSL/443• Website has NPN extension (even without
SPDY for False Start)• X.509 certificate is valid• X.509 chain is short• SSL Asymmetric keys are <= 2048• Cipher is fast! (RC-4, AES-128 if supports
dedicated instructions)
SSL/SPDY Optimization Check List
• SSL session resumption is enabled (both identifiers and tickets)
• No SSL compression• Website is using latest version of SPDY• HTTP permanently (301) redirects to
HTTPS (including cache header)• HTTPS sends HTTP Strict Transport
Security header
Great Resources
• Ivan Ristic (blog.ivanristic.com)• Adam Langley (www.imperialviolet.org)• Mark Nottingham (www.mnot.net/blog/)
• Qualys SSL Labs (ssllabs.com)• SPDYCheck (spdycheck.org)
Free Performance Assessmentzoompf.com/free
Maximizing Performance with SPDY & SSL
Billy [email protected] @zoompf