EXPORTssl原理
ssl原理 时间:2021-04-03 阅读:(
)
Tel+41552144160Fax+41552144161team@csnc.
chwww.
csnc.
chCompassSecuritySchweizAGWerkstrasse20Postfach2038CH-8645JonaSSL/TLSjunglebringinglightintothecipherforestForOWASP.
chDobinRutishauser,dobin.
rutishauser@csnc.
chCompassSecuritySchweizAG–www.
csnc.
ch10.
04.
2014,v1.
1CompassSecuritySchweizAGSlide2www.
csnc.
chAlternativetitle:MyHeartIsBleeding…CompassSecuritySchweizAGSlide3www.
csnc.
chContentSSL/TLSIntroductionSSL/TLSAttacks(BEAST,CRIME,.
.
)PerfectForwardSecrecy(PFS)PRISMHeartbleedTheCAProblemConclusionCompassSecuritySchweizAGSlide4www.
csnc.
chAboutmeDevelopmentofadistributedstealthportscannerforIRCfriendsin2001(dscan)–nuffsaid>3yearsatCompassSecuritySchweizAG.
WebAppHacking,PenetrationTesting,ExploitWriting,LinuxUserSomehowaquiredknowledgeaboutSSLduringCompassauditsCurrentproject:BurpSentinelPluginforBurp,soonZAPtooHelpsfindingvulnerabilitieshttps://github.
com/dobin/BurpSentinelCompassSecuritySchweizAGSlide5www.
csnc.
chWhat'sSSL/TLSCompassSecuritySchweizAGSlide6www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide7www.
csnc.
chWhatdoesSSL/TLSdoProvidessecuretunnelforinsecureprotocolsConfidentialityIntegrityAuthenticityOftenusedwith:HTTPSMTP/IMAP/POP3VPNSIPCompassSecuritySchweizAGSlide8www.
csnc.
chWhereisTLSusedPublicWebsitesOnlineShoppingE-BankingOftenprovidedbyanentryserver/WAF(Airlock,SES,F5,.
.
)AdministrationInterfacesWAFvSphereHPManagementServiceTechnicalCommunicationWebFrontend->Backend(SOAP,REST,…)WLANPEAP-TLSVPNCompassSecuritySchweizAGSlide9www.
csnc.
chSSLHandshakeClientServerClientHeloAvailableCipherListServerHeloSelectedCipherServerCertificateClientKeyExchangeEncrypt_pubkey(sessionkey)Alrighty…CompassSecuritySchweizAGSlide10www.
csnc.
chOpenSSLCiphersSuitesExampleCompassSecuritySchweizAGSlide11www.
csnc.
chSSL/TLSDetailsCompassSecuritySchweizAGSlide12www.
csnc.
chOpenSSLCiphers–Structure$opensslciphers–vSSL/TLSVersionSSLv2,SSLv3,TLS1.
0,TLS1.
1,TLS1.
2KeyExchangeMechanismRSA,DH,DHE/EDH,ECDHE,…AuthenticationMechanismRSA,…EncryptionAlgorithmRC4,DES,AES,IDEA,SEED,…CompassSecuritySchweizAGSlide13www.
csnc.
chOpenSSLCiphers–EncryptionStrengthReallyBadNULL,EXP(EXPORT),ADHLOW:DES-CBCMEDIUM:SEED,IDEA,RC2RC4-MD5High:AES,AES-GCM,DES3CAMELIACompassSecuritySchweizAGSlide14www.
csnc.
chOpenSSLCiphers-KeyExchangeRSAClientencryptssessionkeywithpublickeyofservercertificateDHDiffieHellmankeyexchangeNOREALDHKEYEXCHANGE!
UsesstaticdatafromcertificateforkeyexchangeNoperfectforwardsecrecy(PFS)!
DHE/EDH/ECDHEEphemeralDiffieHellmanProvidesPFSCompassSecuritySchweizAGSlide15www.
csnc.
ch$sslyze–regularebanking-ch1.
ubs.
com:443*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bitsDES-CBC3-SHA168bitsDHE-RSA-AES128-SHA128bitsAES128-SHA128bits*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bits…https://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide16www.
csnc.
chSSLVersions-WeaknessesSSLv2NoNoNo!
Lengthextensionattacks,truncationattacks,downgradeattacks,vulnerabletoMan-in-the-Middleattacks,…Patched-outinUbuntu(withoutupdatingmanpage)SSLv3Releasedin1996…WeakerkeyderivationthanTLS1.
0CannotbevalidatedunderFIPS140-2TherehavebeenvariousattacksonSSLv3implementationsVulnerabletocertainprotocoldowngradeattacksCompassSecuritySchweizAGSlide17www.
csnc.
chTLSVersion-AdvantagesTLS1.
0Releasedin1999(!
!
)CannotdowngradetoSSL3.
0UsesMD5ANDSHA1atthesametimeTLS1.
1AddedprotectionagainstCBCattacksTLS1.
2Enhancementofclientsidepreferredhash/signalgorithmnsSupportGCMandCCMciphersSupportedbyallmodernbrowsers!
CompassSecuritySchweizAGSlide18www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1_1CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):None*TLSV1_2CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):NoneCompassSecuritySchweizAGSlide19www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide20www.
csnc.
chTLSSupportinBrowsersCompassSecuritySchweizAGSlide21www.
csnc.
chSSL/TLSBrowserSupport1/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide22www.
csnc.
chSSL/TLSBrowserSupport2/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide23www.
csnc.
chComparisonbetweenRC4and3DESBrowserswithoutAESOldbrowsersmaynotsupportAESLikeIE6onXPRC4or3DESshouldalwaysbeofferedbytheServerRC4+NotvulnerabletoBEAST-Somesay,canbebrokeninrealtimebyNSA-Microsoftrecommendsdeveloperstonotuseitanymore-Severalvulnerabilities…(brokenin2^24connections)3DES+Old(1977)–butstillstrong-Butonly112bits.
No!
Only108bits…-CBC,sopossiblevulnerableagainstLucky13attacksCompassSecuritySchweizAGSlide24www.
csnc.
chCipherSecurityhttp://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide25www.
csnc.
chAttacksonTLS/SSLCompassSecuritySchweizAGSlide26www.
csnc.
chSSLAttacksBEAST(2011)InTLSDoSIndependantofeachother!
CompassSecuritySchweizAGSlide33www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/$sslyze–-regularebanking-ch1.
ubs.
com:443*SessionRenegotiation:Client-initiatedRenegotiations:RejectedSecureRenegotiation:Supported*Compression:CompressionSupport:DisabledCompassSecuritySchweizAGSlide34www.
csnc.
chOtherSSLVulnerabilities…BrowserTLS->SSLdowngradefallbacksTLS1.
2->TLS1.
1->TLS1.
0->SSLv3!
JustneedsmanintheMiddleFixFakeCiphersNotreallyimplementedrightnowCompassSecuritySchweizAGSlide35www.
csnc.
chPRISMCompassSecuritySchweizAGSlide36www.
csnc.
chHowtothwarttheNSATheymaybeabletobreak:Export,NULL,LowCiphersMediumCiphers(RC2,RC4,IDEA,.
.
)andCAMELIA(HIGH,butwhoknows…)Butnot:CipherstheyusethemselfupandwithTOPSECRETAESorsecuredalongtimeago,andusedbybanks:DESCompassSecuritySchweizAGSlide37www.
csnc.
chHowtothwarttheNSAWhatiftheystealyourprivatekeysUsePFSSecureyourkeys!
(chmodo-r*.
key)WhatiftheydowngradeyoutoSSLv3DisableitWhatiftheydowngradeyoutoHTTPUseHSTSheaderTellbrowsertoonlyuseHTTPSforthisstie!
InsertyoursiteintobrowserHSTSlist!
WhatiftheyissueafakecertificateUsecertificatepinningCompassSecuritySchweizAGSlide38www.
csnc.
chHowtothwarttheNSABestAttackVector:ImplementationerrorsPastimplementationerros:Apple'sGotoFailTripleHandshakeGNUTLSCertificateChainValidationErrorHeartbleedThat'sjustfrom2014…ThiswillnotstopCompassSecuritySchweizAGSlide39www.
csnc.
chHeartbleedOpenSSL1.
0.
1*Remotelyexploitable64kb(!
)InformationDisclosureCanberepeatedindefinetlyDiscloses:SensitiveUserDataCookiesPrivateKeysPFSSessionKeys…ExploitispublicHeapFengShuiCodeData/HeapApache+OpenSSLProcessCompassSecuritySchweizAGSlide40www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide41www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide42www.
csnc.
chHeartbleedPopularsiteswhichexhibitsupportfortheTLSheartbeatextensionincludeTwitter,GitHub,Yahoo,Tumblr,Steam,DropBox,HypoVereinsbank,PostFinance,RegentsBank,CommonwealthBankofAustralia,andtheanonymoussearchengineDuckDuckGo.
CompassSecuritySchweizAGSlide43www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide44www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide45www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide46www.
csnc.
chHeartbleedFix:Apacheno-threads,forkforeveryconnectionNomoredataofotherusersDowngradetoOpenSSL1.
0.
0,0.
9.
8UpgradetoOpenSSL1.
0.
1gUpdateallyourkeysPFShelpsabitCompileOpenSSLwith-DOPENSSL_NO_HEARTBEATSHSM(HardwareSecurityModule–doesnotleakprivatekey)thereareXbadSSLlibrariesLetswriteAGOODSSLlibraryNow,thereareX+1badSSLlibrariesSource:OpenSSLisOpenSourcePullRequestForHeartbeatSupportNoconsequentpeerreviewCompassSecuritySchweizAGSlide47www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide48www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide49www.
csnc.
chTheCAProblemSource:SSLinderPraxis,sicher(AchimHoffmann)CompassSecuritySchweizAGSlide50www.
csnc.
chTheCAProblemHowtocheckforrevokedcertificatesCRLOfflineListReplayAttacksDNSSpoofing…OCSPLifecheckWhatifserverisnotreachableDNSSpoofing…CompassSecuritySchweizAGSlide51www.
csnc.
chTheCAProblemUsecertificatepinning!
Ignorethesignaturehierarchy!
Checkhashofpublic-keyinformationofthecertificateSubjectPublicKeyInfoOr,checktheissuerCA(alwaysshouldbeissuedbyVerisign,forexample)InBrowser:Chrome,IE,FFSendthemanemailtoincludeyoursiteinpinningmechanismNoofficalprocessInWindows:EMETInApps:Doityourself!
Veryeasy!
DontforgettopushnewversionbeforerenewalofcertificateCompassSecuritySchweizAGSlide52www.
csnc.
chConclusionCompassSecuritySchweizAGSlide53www.
csnc.
chConclusionDisableSSLv3(TLSonly)UseEphemeralCiphers(forPFS)UseAESCiphersDonotuseRC4DisableSSLandHTTPCompressionDisableClientandinsecureRenegotiationUpdateupdateupdate!
CompassSecuritySchweizAGSlide54www.
csnc.
chConclusion–WebPagesUsetrustworthyCANowildcardcertificatesEVcertificateWhynot…Forward:80->:443DeliverEVERYTHINGwithHTTPSUsesecureflagoncookiesUseHSTSheaderUseCertificatePinningCompassSecuritySchweizAGSlide55www.
csnc.
chReferencesSSLinderPraxis,sicherachim@owasp.
orghttps://www.
owasp.
org/images/5/55/SSL-in-der-Praxis_OWASP-Stammtisch-Muenchen.
pdfSSLCERTIFICATEGOODPRACTICEGUIDE,Portcullishttps://labs.
portcullis.
co.
uk/whitepapers/ssl-certificate-good-practice-guide/SSL/TLSDeploymentBestPractices,QualysSSLLABShttps://www.
ssllabs.
com/projects/best-practices/ImperialViolet(GoogleChromeDeveloperBlog)https://www.
imperialviolet.
org/Thispresentationisbasedonthefollowingblogentry:http://blog.
csnc.
ch/2013/11/compass-ssltls-recommendations/CompassSecuritySchweizAGSlide56www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide57www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide58www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide59www.
csnc.
chRant:BrowserIndicators
瓜云互联一直主打超高性价比的海外vps产品,主要以美国cn2、香港cn2线路为主,100M以内高宽带,非常适合个人使用、企业等等!安全防护体系 弹性灵活,能为提供简单、 高效、智能、快速、低成本的云防护,帮助个人、企业从实现网络攻击防御,同时也承诺产品24H支持退换,不喜欢可以找客服退现,诚信自由交易!官方网站:点击访问瓜云互联官网活动方案:打折优惠策略:新老用户购买服务器统统9折优惠预存返款活动...
说明一下:gcorelabs的俄罗斯远东机房“伯力”既有“Virtual servers”也有“CLOUD SERVICES”,前者是VPS,后者是云服务器,不是一回事;由于平日大家习惯把VPS和云服务器当做一回事儿,所以这里要特别说明一下。本次测评的是gcorelabs的cloud,也就是云服务器。 官方网站:https://gcorelabs.com 支持:数字加密货币、信用卡、PayPal...
ftlcloud(超云)目前正在搞暑假促销,美国圣何塞数据中心的云服务器低至9元/月,系统盘与数据盘分离,支持Windows和Linux,免费防御CC攻击,自带10Gbps的DDoS防御。FTL-超云服务器的主要特色:稳定、安全、弹性、高性能的云端计算服务,快速部署,并且可根据业务需要扩展计算能力,按需付费,节约成本,提高资源的有效利用率。活动地址:https://www.ftlcloud.com...
ssl原理为你推荐
云爆发云联惠是什么来的商标注册流程及费用我想注册商标一般需要什么流程和费用?嘀动网手机一键通用来干嘛呢?xyq.163.cbg.com梦幻CBG的网站是什么。seo优化工具seo优化软件有哪些?seo优化工具SEO优化神器有什么比较好的?8090lu.com8090看看电影网怎么打不开了lcoc.top服装英语中double topstitches什么意思m88.comwww.m88.com现在的官方网址是哪个啊 ?www.m88.com怎么样?www.idanmu.com万通奇迹,www.wcm77.HK 是传销么?
pccw 免费主机 京东云擎 好看的桌面背景大图 云主机51web 华为网络硬盘 我爱水煮鱼 河南移动邮件系统 日本bb瘦 web服务器的架设 国外代理服务器地址 流量计费 免费全能主机 傲盾官网 上海联通宽带测速 谷歌搜索打不开 japanese50m咸熟 美国asp空间 cloudflare weblogic部署 更多