EXPORTssl原理

ssl原理  时间:2021-04-03  阅读:()
Tel+41552144160Fax+41552144161team@csnc.
chwww.
csnc.
chCompassSecuritySchweizAGWerkstrasse20Postfach2038CH-8645JonaSSL/TLSjunglebringinglightintothecipherforestForOWASP.
chDobinRutishauser,dobin.
rutishauser@csnc.
chCompassSecuritySchweizAG–www.
csnc.
ch10.
04.
2014,v1.
1CompassSecuritySchweizAGSlide2www.
csnc.
chAlternativetitle:MyHeartIsBleeding…CompassSecuritySchweizAGSlide3www.
csnc.
chContentSSL/TLSIntroductionSSL/TLSAttacks(BEAST,CRIME,.
.
)PerfectForwardSecrecy(PFS)PRISMHeartbleedTheCAProblemConclusionCompassSecuritySchweizAGSlide4www.
csnc.
chAboutmeDevelopmentofadistributedstealthportscannerforIRCfriendsin2001(dscan)–nuffsaid>3yearsatCompassSecuritySchweizAG.
WebAppHacking,PenetrationTesting,ExploitWriting,LinuxUserSomehowaquiredknowledgeaboutSSLduringCompassauditsCurrentproject:BurpSentinelPluginforBurp,soonZAPtooHelpsfindingvulnerabilitieshttps://github.
com/dobin/BurpSentinelCompassSecuritySchweizAGSlide5www.
csnc.
chWhat'sSSL/TLSCompassSecuritySchweizAGSlide6www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide7www.
csnc.
chWhatdoesSSL/TLSdoProvidessecuretunnelforinsecureprotocolsConfidentialityIntegrityAuthenticityOftenusedwith:HTTPSMTP/IMAP/POP3VPNSIPCompassSecuritySchweizAGSlide8www.
csnc.
chWhereisTLSusedPublicWebsitesOnlineShoppingE-BankingOftenprovidedbyanentryserver/WAF(Airlock,SES,F5,.
.
)AdministrationInterfacesWAFvSphereHPManagementServiceTechnicalCommunicationWebFrontend->Backend(SOAP,REST,…)WLANPEAP-TLSVPNCompassSecuritySchweizAGSlide9www.
csnc.
chSSLHandshakeClientServerClientHeloAvailableCipherListServerHeloSelectedCipherServerCertificateClientKeyExchangeEncrypt_pubkey(sessionkey)Alrighty…CompassSecuritySchweizAGSlide10www.
csnc.
chOpenSSLCiphersSuitesExampleCompassSecuritySchweizAGSlide11www.
csnc.
chSSL/TLSDetailsCompassSecuritySchweizAGSlide12www.
csnc.
chOpenSSLCiphers–Structure$opensslciphers–vSSL/TLSVersionSSLv2,SSLv3,TLS1.
0,TLS1.
1,TLS1.
2KeyExchangeMechanismRSA,DH,DHE/EDH,ECDHE,…AuthenticationMechanismRSA,…EncryptionAlgorithmRC4,DES,AES,IDEA,SEED,…CompassSecuritySchweizAGSlide13www.
csnc.
chOpenSSLCiphers–EncryptionStrengthReallyBadNULL,EXP(EXPORT),ADHLOW:DES-CBCMEDIUM:SEED,IDEA,RC2RC4-MD5High:AES,AES-GCM,DES3CAMELIACompassSecuritySchweizAGSlide14www.
csnc.
chOpenSSLCiphers-KeyExchangeRSAClientencryptssessionkeywithpublickeyofservercertificateDHDiffieHellmankeyexchangeNOREALDHKEYEXCHANGE!
UsesstaticdatafromcertificateforkeyexchangeNoperfectforwardsecrecy(PFS)!
DHE/EDH/ECDHEEphemeralDiffieHellmanProvidesPFSCompassSecuritySchweizAGSlide15www.
csnc.
ch$sslyze–regularebanking-ch1.
ubs.
com:443*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bitsDES-CBC3-SHA168bitsDHE-RSA-AES128-SHA128bitsAES128-SHA128bits*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bits…https://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide16www.
csnc.
chSSLVersions-WeaknessesSSLv2NoNoNo!
Lengthextensionattacks,truncationattacks,downgradeattacks,vulnerabletoMan-in-the-Middleattacks,…Patched-outinUbuntu(withoutupdatingmanpage)SSLv3Releasedin1996…WeakerkeyderivationthanTLS1.
0CannotbevalidatedunderFIPS140-2TherehavebeenvariousattacksonSSLv3implementationsVulnerabletocertainprotocoldowngradeattacksCompassSecuritySchweizAGSlide17www.
csnc.
chTLSVersion-AdvantagesTLS1.
0Releasedin1999(!
!
)CannotdowngradetoSSL3.
0UsesMD5ANDSHA1atthesametimeTLS1.
1AddedprotectionagainstCBCattacksTLS1.
2Enhancementofclientsidepreferredhash/signalgorithmnsSupportGCMandCCMciphersSupportedbyallmodernbrowsers!
CompassSecuritySchweizAGSlide18www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1_1CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):None*TLSV1_2CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):NoneCompassSecuritySchweizAGSlide19www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide20www.
csnc.
chTLSSupportinBrowsersCompassSecuritySchweizAGSlide21www.
csnc.
chSSL/TLSBrowserSupport1/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide22www.
csnc.
chSSL/TLSBrowserSupport2/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide23www.
csnc.
chComparisonbetweenRC4and3DESBrowserswithoutAESOldbrowsersmaynotsupportAESLikeIE6onXPRC4or3DESshouldalwaysbeofferedbytheServerRC4+NotvulnerabletoBEAST-Somesay,canbebrokeninrealtimebyNSA-Microsoftrecommendsdeveloperstonotuseitanymore-Severalvulnerabilities…(brokenin2^24connections)3DES+Old(1977)–butstillstrong-Butonly112bits.
No!
Only108bits…-CBC,sopossiblevulnerableagainstLucky13attacksCompassSecuritySchweizAGSlide24www.
csnc.
chCipherSecurityhttp://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide25www.
csnc.
chAttacksonTLS/SSLCompassSecuritySchweizAGSlide26www.
csnc.
chSSLAttacksBEAST(2011)InTLSDoSIndependantofeachother!
CompassSecuritySchweizAGSlide33www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/$sslyze–-regularebanking-ch1.
ubs.
com:443*SessionRenegotiation:Client-initiatedRenegotiations:RejectedSecureRenegotiation:Supported*Compression:CompressionSupport:DisabledCompassSecuritySchweizAGSlide34www.
csnc.
chOtherSSLVulnerabilities…BrowserTLS->SSLdowngradefallbacksTLS1.
2->TLS1.
1->TLS1.
0->SSLv3!
JustneedsmanintheMiddleFixFakeCiphersNotreallyimplementedrightnowCompassSecuritySchweizAGSlide35www.
csnc.
chPRISMCompassSecuritySchweizAGSlide36www.
csnc.
chHowtothwarttheNSATheymaybeabletobreak:Export,NULL,LowCiphersMediumCiphers(RC2,RC4,IDEA,.
.
)andCAMELIA(HIGH,butwhoknows…)Butnot:CipherstheyusethemselfupandwithTOPSECRETAESorsecuredalongtimeago,andusedbybanks:DESCompassSecuritySchweizAGSlide37www.
csnc.
chHowtothwarttheNSAWhatiftheystealyourprivatekeysUsePFSSecureyourkeys!
(chmodo-r*.
key)WhatiftheydowngradeyoutoSSLv3DisableitWhatiftheydowngradeyoutoHTTPUseHSTSheaderTellbrowsertoonlyuseHTTPSforthisstie!
InsertyoursiteintobrowserHSTSlist!
WhatiftheyissueafakecertificateUsecertificatepinningCompassSecuritySchweizAGSlide38www.
csnc.
chHowtothwarttheNSABestAttackVector:ImplementationerrorsPastimplementationerros:Apple'sGotoFailTripleHandshakeGNUTLSCertificateChainValidationErrorHeartbleedThat'sjustfrom2014…ThiswillnotstopCompassSecuritySchweizAGSlide39www.
csnc.
chHeartbleedOpenSSL1.
0.
1*Remotelyexploitable64kb(!
)InformationDisclosureCanberepeatedindefinetlyDiscloses:SensitiveUserDataCookiesPrivateKeysPFSSessionKeys…ExploitispublicHeapFengShuiCodeData/HeapApache+OpenSSLProcessCompassSecuritySchweizAGSlide40www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide41www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide42www.
csnc.
chHeartbleedPopularsiteswhichexhibitsupportfortheTLSheartbeatextensionincludeTwitter,GitHub,Yahoo,Tumblr,Steam,DropBox,HypoVereinsbank,PostFinance,RegentsBank,CommonwealthBankofAustralia,andtheanonymoussearchengineDuckDuckGo.
CompassSecuritySchweizAGSlide43www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide44www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide45www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide46www.
csnc.
chHeartbleedFix:Apacheno-threads,forkforeveryconnectionNomoredataofotherusersDowngradetoOpenSSL1.
0.
0,0.
9.
8UpgradetoOpenSSL1.
0.
1gUpdateallyourkeysPFShelpsabitCompileOpenSSLwith-DOPENSSL_NO_HEARTBEATSHSM(HardwareSecurityModule–doesnotleakprivatekey)thereareXbadSSLlibrariesLetswriteAGOODSSLlibraryNow,thereareX+1badSSLlibrariesSource:OpenSSLisOpenSourcePullRequestForHeartbeatSupportNoconsequentpeerreviewCompassSecuritySchweizAGSlide47www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide48www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide49www.
csnc.
chTheCAProblemSource:SSLinderPraxis,sicher(AchimHoffmann)CompassSecuritySchweizAGSlide50www.
csnc.
chTheCAProblemHowtocheckforrevokedcertificatesCRLOfflineListReplayAttacksDNSSpoofing…OCSPLifecheckWhatifserverisnotreachableDNSSpoofing…CompassSecuritySchweizAGSlide51www.
csnc.
chTheCAProblemUsecertificatepinning!
Ignorethesignaturehierarchy!
Checkhashofpublic-keyinformationofthecertificateSubjectPublicKeyInfoOr,checktheissuerCA(alwaysshouldbeissuedbyVerisign,forexample)InBrowser:Chrome,IE,FFSendthemanemailtoincludeyoursiteinpinningmechanismNoofficalprocessInWindows:EMETInApps:Doityourself!
Veryeasy!
DontforgettopushnewversionbeforerenewalofcertificateCompassSecuritySchweizAGSlide52www.
csnc.
chConclusionCompassSecuritySchweizAGSlide53www.
csnc.
chConclusionDisableSSLv3(TLSonly)UseEphemeralCiphers(forPFS)UseAESCiphersDonotuseRC4DisableSSLandHTTPCompressionDisableClientandinsecureRenegotiationUpdateupdateupdate!
CompassSecuritySchweizAGSlide54www.
csnc.
chConclusion–WebPagesUsetrustworthyCANowildcardcertificatesEVcertificateWhynot…Forward:80->:443DeliverEVERYTHINGwithHTTPSUsesecureflagoncookiesUseHSTSheaderUseCertificatePinningCompassSecuritySchweizAGSlide55www.
csnc.
chReferencesSSLinderPraxis,sicherachim@owasp.
orghttps://www.
owasp.
org/images/5/55/SSL-in-der-Praxis_OWASP-Stammtisch-Muenchen.
pdfSSLCERTIFICATEGOODPRACTICEGUIDE,Portcullishttps://labs.
portcullis.
co.
uk/whitepapers/ssl-certificate-good-practice-guide/SSL/TLSDeploymentBestPractices,QualysSSLLABShttps://www.
ssllabs.
com/projects/best-practices/ImperialViolet(GoogleChromeDeveloperBlog)https://www.
imperialviolet.
org/Thispresentationisbasedonthefollowingblogentry:http://blog.
csnc.
ch/2013/11/compass-ssltls-recommendations/CompassSecuritySchweizAGSlide56www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide57www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide58www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide59www.
csnc.
chRant:BrowserIndicators

妮妮云(30元),美国300G防御 2核4G 107.6元,美国高速建站 2核2G

妮妮云的来历妮妮云是 789 陈总 张总 三方共同投资建立的网站 本着“良心 便宜 稳定”的初衷 为小白用户避免被坑妮妮云的市场定位妮妮云主要代理市场稳定速度的云服务器产品,避免新手购买云服务器的时候众多商家不知道如何选择,妮妮云就帮你选择好了产品,无需承担购买风险,不用担心出现被跑路 被诈骗的情况。妮妮云的售后保证妮妮云退款 通过于合作商的友好协商,云服务器提供2天内全额退款,超过2天不退款 物...

LetBox:美国洛杉矶/新泽西AMD大硬盘VPS,10TB流量,充值返余额,最低3.3美元两个月

LetBox此次促销依然是AMD Ryzen处理器+NVME硬盘+HDD大硬盘,以前是5TB月流量,现在免费升级到10TB月流量。另外还有返余额的活动,如果月付,月付多少返多少;如果季付或者半年付,返25%;如果年付,返10%。依然全部KVM虚拟化,可自定义ISO系统。需要大硬盘vps、大流量vps、便宜AMD VPS的朋友不要错过了。不过LetBox对帐号审核严格,最好注册邮箱和paypal帐号...

ucloud国内云服务器2元/月起;香港云服务器4元/首月;台湾云服务器3元/首月

ucloud云服务器怎么样?ucloud为了扩大云服务器市场份额,给出了超低价云服务器的促销活动,活动仍然是此前的Ucloud全球大促活动页面。目前,ucloud国内云服务器2元/月起;香港云服务器4元/首月;台湾云服务器3元/首月。相当于2-4元就可以试用国内、中国香港、中国台湾这三个地域的云服务器1个月了。ucloud全球大促仅限新用户,国内云服务器个人用户低至56元/年起,香港云服务器也仅8...

ssl原理为你推荐
brandoff国际大牌包包都有哪些呐?今日油条天天吃油条,身体会怎么样7788k.comwww.k6320.com 大家给我看看这网站是真是假...地陷裂口地陷前期会有什么征兆吗?网站检测请问论文检测网站好的有那些?haole16.com国色天香16 17全集高清在线观看 国色天香qvod快播迅雷下载地址www.vtigu.com如图,已知四边形ABCD是平行四边形,下列条件:①AC=BD,②AB=AD,③∠1=∠2④AB⊥BC中,能说明平行四边形www.544qq.COM跪求:天时达T092怎么下载QQjavbibi日文里的bibi是什么意思www.idanmu.com腾讯有qqsk.zik.mu这个网站吗?
已备案域名注册 郑州服务器租用 工信部域名备案 新网域名解析 wordpress主机 enzu 息壤备案 美国php主机 godaddy优惠券 免空 腾讯云分析 qq对话框 hktv ca187 华为云盘 华为云服务登录 美国独立日 登陆空间 starry 下载速度测试 更多