unsafe ssl webinar

Detecting and addressing unsafe SSL configurations Jonathan Trull, Wolfgang Kandek, Ivan Ristic SSL Labs/Qualys March 26, 2015

Upload: wolfgang-kandek

Post on 25-Jul-2015


Detecting and addressing unsafe SSL configurations

Jonathan Trull, Wolfgang Kandek, Ivan Ristic

SSL Labs/Qualys

March 26, 2015

CISO’s View of SSL/TLS

•  Key Component for Doing Business Online
•  Administrative burden as organizations grow in size
•  Compliance and Regulatory Requirements
    •  PCI
    •  FedRAMP
    •  HIPAA
    •  Gramm-Leach-Bliley Act
•  Reputation / Ensuring Trust

PCI-DSS Deep Dive

•  Use strong cryptography and security protocols to safeguard cardholder data during transmission over open, public networks.
•  PCI SSC Bulletin dated 13 February 2015
    •  No version of SSL meets PCI SSC’s definition of “strong cryptography.”
    •  PCI Data Security Standard and the Payment Application Data Security Standard are being updated to reflect this change.

BitSight Third-Party Due Diligence

Events
•  Botnet Infections
•  Spam Propagation
•  Malware Servers
•  Unsolicited Comm.
•  Potentially Exploited

Diligence
•  SPF Domains
•  DKIM Records
•  TLS/SSL Certificates
•  DNSSEC Records
•  Data Breaches

SSL History

•  Secure communication on the Internet
•  E-commerce
•  Secure Sockets Layer – Netscape – 1994
•  SSL v1, v2 – SSLv3
•  TLS 1.2
•  Typically https rather than http in your browser
•  Other less visible uses: VPN, Mail, FTP…

SSL

•  Privacy – Encryption
    •  Ciphers: RC4, AES
•  Integrity – Hashing
    •  Hash functions: SHA1, SHA-256
•  Authentication – Certificates

Qualys SSL Labs

https://www.ssllabs.com/

Qualys SSL Labs Server Test

Server Rating


SSL Vulnerabilities

•  Protocol vs Implementation
•  Implementations: OpenSSL, Schannel, GnuTLS, PolarSSL, LibreSSL, NSS, BSAFE, Secure Transport
•  BREACH, CRIME – 2012
•  Heartbleed – April 2014

SSL: Heartbleed

•  HTTPS request to a website
•  https://hbdemo.kandek.com
•  Site with registration, login, sessions
•  Data: username, password, email
•  Ubuntu 12.04, Apache, OpenSSL, MySQL
•  Data gets written to database
•  But stays in memory as well

Heartbleed - details

•  Heartbeat extension is enabled: good for performance as it keeps the session alive
•  The Heartbeat extension has a programming flaw that allows us to receive more bytes than we sent:
    •  Regular: sent “abc”, length 3, received “abc”
    •  Exploit: send “abc” length 64, received “abc” plus registration data
•  Size up to 64 KB, not logged, can be repeated freely
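The length mismatch described above, as an added example that is not part of the original slides: a Go model in which a byte slice stands in for server memory, comparing a handler that trusts the claimed length with one that checks it against the bytes actually received. The function names and the neighbouring data are constructed for illustration; the 16-byte minimum padding follows RFC 6520.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const padding = 16 // minimum padding a heartbeat message carries (RFC 6520)

var ErrDiscard = errors.New("heartbeat: length field inconsistent with record, discarded")

// Request builds a heartbeat request: type (1), claimed length (2), payload, padding.
func Request(claimed uint16, payload string) []byte {
	rec := []byte{1, 0, 0}
	binary.BigEndian.PutUint16(rec[1:], claimed)
	rec = append(rec, payload...)
	return append(rec, bytes.Repeat([]byte{'.'}, padding)...)
}

// EchoNaive models the flaw: it echoes as many bytes of mem as the request claims.
func EchoNaive(mem []byte) []byte {
	end := 3 + int(binary.BigEndian.Uint16(mem[1:3]))
	if end > len(mem) {
		end = len(mem)
	}
	return mem[3:end]
}

// EchoChecked discards a request whose claimed length exceeds the recLen bytes received.
func EchoChecked(mem []byte, recLen int) ([]byte, error) {
	if recLen < 3+padding || recLen > len(mem) {
		return nil, ErrDiscard
	}
	claimed := int(binary.BigEndian.Uint16(mem[1:3]))
	if 3+claimed+padding > recLen {
		return nil, ErrDiscard
	}
	return mem[3 : 3+claimed], nil
}

func main() {
	for _, claimed := range []uint16{3, 64} {
		rec := Request(claimed, "abc")
		// Constructed neighbouring data placed behind the record in "memory".
		mem := append(rec, "user=alice&password=constructed-sample"...)
		out, err := EchoChecked(mem, len(rec))
		fmt.Printf("claimed=%d naive=%q checked=%q err=%v\n", claimed, EchoNaive(mem), out, err)
	}
}
```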


Heartbleed – What can leak

•  Session key cookies
    •  PHPSESSIONID = 0xFFA34E2DE7E1
•  Userdata, including passwords
    •  Wait - Shouldn’t they be hashed?
    •  Passwords are typically not hashed on client, but on server
•  Private key for certificate
    •  Allows for decryption of all traffic, future and past

Heartbleed – Leak demo


SSL

•  HTTPS request to a website
•  https://ubudc.kandek.com
•  Simple site with registration, login
•  Data: Username, password, email
•  Ubuntu 12.04, Apache, OpenSSL, MySQL
•  Data gets written to database
•  But stays in memory as well

SSL Vulnerabilities

•  Protocol vs Implementation
•  Implementations: OpenSSL, Schannel, GnuTLS, PolarSSL, LibreSSL, NSS, BSAFE, Secure Transport
•  BREACH, CRIME – 2012
•  Heartbleed – April 2014
•  POODLE – October 2014
•  FREAK – February 2015
•  OpenSSL – DoS in March 2015

SSL - Making the Grade

•  Instructions for Apache, Tomcat, IIS and nginx

Qualys SSL Labs Server Test

SSL Labs API

•  SSL Labs is a web application, designed for interactive use
•  API has been often requested
•  March 2015 SSL Labs release: API
    •  HTTP/JSON
    •  https://api.ssllabs.com/api/v2/analyze?host=www.ssllabs.com
    •  Docs at: https://github.com/ssllabs/ssllabs-scan
•  Sample Command line tool: ssllabs-scan
    •  Go Implementation: https://github.com/ssllabs/ssllabs-scan/
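One way to consume the analyze response in a monitoring job, as an added example (not code from ssllabs-scan): it parses the JSON and lists endpoints graded below a chosen floor. The field names (status, endpoints, ipAddress, grade, statusMessage) are assumed from the v2 API documentation, the sample response is constructed, and Failing is a hypothetical helper.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Report holds the fields of an analyze response that matter for triage.
type Report struct {
	Host      string `json:"host"`
	Status    string `json:"status"` // DNS, IN_PROGRESS, READY or ERROR
	Endpoints []struct {
		IPAddress     string `json:"ipAddress"`
		Grade         string `json:"grade"`
		StatusMessage string `json:"statusMessage"`
	} `json:"endpoints"`
}

// Best to worst; T (certificate not trusted) and M (name mismatch) rank with F.
var rank = map[string]int{"A+": 0, "A": 1, "A-": 2, "B": 3, "C": 4, "D": 5, "E": 6, "F": 7, "T": 7, "M": 7}

// Failing lists endpoints graded below minGrade or ungraded; done=false means poll again.
func Failing(body []byte, minGrade string) (done bool, bad []string, err error) {
	var r Report
	if err = json.Unmarshal(body, &r); err != nil {
		return false, nil, err
	}
	if r.Status == "ERROR" {
		return true, nil, fmt.Errorf("assessment of %s failed", r.Host)
	}
	if r.Status != "READY" {
		return false, nil, nil
	}
	for _, e := range r.Endpoints {
		if g, ok := rank[e.Grade]; !ok || g > rank[minGrade] {
			bad = append(bad, fmt.Sprintf("%s grade=%q (%s)", e.IPAddress, e.Grade, e.StatusMessage))
		}
	}
	return true, bad, nil
}

// Constructed sample response (documentation addresses, made-up grades).
const sample = `{"host":"www.example.com","status":"READY","endpoints":[
 {"ipAddress":"192.0.2.10","statusMessage":"Ready","grade":"A"},
 {"ipAddress":"192.0.2.11","statusMessage":"Ready","grade":"C"},
 {"ipAddress":"192.0.2.12","statusMessage":"Unable to connect to the server"}]}`

func main() {
	fmt.Println(Failing([]byte(sample), "B"))
}
```

An unrecognised minGrade is treated as the strictest floor (A+), so a typo fails closed.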

   

   


SSL Statistics - Pulse    

   

SSL Clientside    

   

SSL Labs Roadmap

•  HSTS detection
•  Mixed Content detection
•  MITM attack detection
•  IPv6
•  Beyond HTTP

   

SSL – Other issues – Superfish

•  Lenovo preinstalls Superfish software on consumer laptops
•  Superfish decrypts SSL connections on the machines to be able to read the SSL content and serve ads in the SSL content stream
•  To do this transparently it installs a new root certificate on the local machine and intercepts all SSL traffic, re-signing the site with its own certificate
•  Superfish objective: MITM for ad revenue, i.e. modify the web content on the fly, replace and inject ads with “better” ads, not an “attack”

   

   

Example – Superfish installed  

   

Lock indicates valid SSL connection

Strong encryption

Certificate issued by Superfish – not Verisign

Example – the real Qualys  

   

EV certificate (green)

Superfished SSL Connections


SSL – Other issues – CA problems

•  Browsers trust a large set of CAs to correctly emit certificates
•  Sometimes this goes wrong
•  Recent Google CNNIC, similar last year in France, discovered through certificate pinning
•  Domain ownership by e-mail is weak
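Why the lock icon still appears with an injected root (the Superfish slide) and why pinning catches a mis-issued certificate (the CA slide), as an added example that is not part of the original slides: two constructed CAs each issue a certificate for the same host, and the re-signed one validates only when the injected root is in the trust set. All names are made up, and issue and Trusted are hypothetical helpers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a certificate for name; a nil parent yields a self-signed root CA.
func issue(name string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed root
		tpl.IsCA, tpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, pkey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Trusted reports whether leaf chains to one of the given roots for host.
func Trusted(leaf *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

func main() {
	ca, caKey := issue("public-ca.example", nil, nil)            // constructed "real" CA
	rogue, rogueKey := issue("injected-root.example", nil, nil) // constructed injected root
	site, _ := issue("www.example.com", ca, caKey)
	resigned, _ := issue("www.example.com", rogue, rogueKey)
	fmt.Println(Trusted(site, "www.example.com", ca), Trusted(resigned, "www.example.com", ca, rogue), Trusted(resigned, "www.example.com", ca))
}
```

The last call is the pinned check: with only the expected CA in the trust set, the re-signed certificate is rejected.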

 

   

Helpful Resources

SSL/TLS Deployment Best Practices - https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices.pdf

SSL Server Rating Guide – https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf

SSL Labs API Guide - https://www.ssllabs.com/projects/ssllabs-apis/index.html

Bulletproof SSL and TLS - Ivan Ristic https://www.feistyduck.com/books/bulletproof-ssl-and-tls/

Thank You

Jonathan Trull [email protected]

Wolfgang Kandek [email protected] @wkandek

Ivan Ristic @ivanristic

http://www.qualys.com