EXPORTssl原理
ssl原理 时间:2021-04-03 阅读:(
)
Tel+41552144160Fax+41552144161team@csnc.
chwww.
csnc.
chCompassSecuritySchweizAGWerkstrasse20Postfach2038CH-8645JonaSSL/TLSjunglebringinglightintothecipherforestForOWASP.
chDobinRutishauser,dobin.
rutishauser@csnc.
chCompassSecuritySchweizAG–www.
csnc.
ch10.
04.
2014,v1.
1CompassSecuritySchweizAGSlide2www.
csnc.
chAlternativetitle:MyHeartIsBleeding…CompassSecuritySchweizAGSlide3www.
csnc.
chContentSSL/TLSIntroductionSSL/TLSAttacks(BEAST,CRIME,.
.
)PerfectForwardSecrecy(PFS)PRISMHeartbleedTheCAProblemConclusionCompassSecuritySchweizAGSlide4www.
csnc.
chAboutmeDevelopmentofadistributedstealthportscannerforIRCfriendsin2001(dscan)–nuffsaid>3yearsatCompassSecuritySchweizAG.
WebAppHacking,PenetrationTesting,ExploitWriting,LinuxUserSomehowaquiredknowledgeaboutSSLduringCompassauditsCurrentproject:BurpSentinelPluginforBurp,soonZAPtooHelpsfindingvulnerabilitieshttps://github.
com/dobin/BurpSentinelCompassSecuritySchweizAGSlide5www.
csnc.
chWhat'sSSL/TLSCompassSecuritySchweizAGSlide6www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide7www.
csnc.
chWhatdoesSSL/TLSdoProvidessecuretunnelforinsecureprotocolsConfidentialityIntegrityAuthenticityOftenusedwith:HTTPSMTP/IMAP/POP3VPNSIPCompassSecuritySchweizAGSlide8www.
csnc.
chWhereisTLSusedPublicWebsitesOnlineShoppingE-BankingOftenprovidedbyanentryserver/WAF(Airlock,SES,F5,.
.
)AdministrationInterfacesWAFvSphereHPManagementServiceTechnicalCommunicationWebFrontend->Backend(SOAP,REST,…)WLANPEAP-TLSVPNCompassSecuritySchweizAGSlide9www.
csnc.
chSSLHandshakeClientServerClientHeloAvailableCipherListServerHeloSelectedCipherServerCertificateClientKeyExchangeEncrypt_pubkey(sessionkey)Alrighty…CompassSecuritySchweizAGSlide10www.
csnc.
chOpenSSLCiphersSuitesExampleCompassSecuritySchweizAGSlide11www.
csnc.
chSSL/TLSDetailsCompassSecuritySchweizAGSlide12www.
csnc.
chOpenSSLCiphers–Structure$opensslciphers–vSSL/TLSVersionSSLv2,SSLv3,TLS1.
0,TLS1.
1,TLS1.
2KeyExchangeMechanismRSA,DH,DHE/EDH,ECDHE,…AuthenticationMechanismRSA,…EncryptionAlgorithmRC4,DES,AES,IDEA,SEED,…CompassSecuritySchweizAGSlide13www.
csnc.
chOpenSSLCiphers–EncryptionStrengthReallyBadNULL,EXP(EXPORT),ADHLOW:DES-CBCMEDIUM:SEED,IDEA,RC2RC4-MD5High:AES,AES-GCM,DES3CAMELIACompassSecuritySchweizAGSlide14www.
csnc.
chOpenSSLCiphers-KeyExchangeRSAClientencryptssessionkeywithpublickeyofservercertificateDHDiffieHellmankeyexchangeNOREALDHKEYEXCHANGE!
UsesstaticdatafromcertificateforkeyexchangeNoperfectforwardsecrecy(PFS)!
DHE/EDH/ECDHEEphemeralDiffieHellmanProvidesPFSCompassSecuritySchweizAGSlide15www.
csnc.
ch$sslyze–regularebanking-ch1.
ubs.
com:443*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bitsDES-CBC3-SHA168bitsDHE-RSA-AES128-SHA128bitsAES128-SHA128bits*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bits…https://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide16www.
csnc.
chSSLVersions-WeaknessesSSLv2NoNoNo!
Lengthextensionattacks,truncationattacks,downgradeattacks,vulnerabletoMan-in-the-Middleattacks,…Patched-outinUbuntu(withoutupdatingmanpage)SSLv3Releasedin1996…WeakerkeyderivationthanTLS1.
0CannotbevalidatedunderFIPS140-2TherehavebeenvariousattacksonSSLv3implementationsVulnerabletocertainprotocoldowngradeattacksCompassSecuritySchweizAGSlide17www.
csnc.
chTLSVersion-AdvantagesTLS1.
0Releasedin1999(!
!
)CannotdowngradetoSSL3.
0UsesMD5ANDSHA1atthesametimeTLS1.
1AddedprotectionagainstCBCattacksTLS1.
2Enhancementofclientsidepreferredhash/signalgorithmnsSupportGCMandCCMciphersSupportedbyallmodernbrowsers!
CompassSecuritySchweizAGSlide18www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1_1CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):None*TLSV1_2CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):NoneCompassSecuritySchweizAGSlide19www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide20www.
csnc.
chTLSSupportinBrowsersCompassSecuritySchweizAGSlide21www.
csnc.
chSSL/TLSBrowserSupport1/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide22www.
csnc.
chSSL/TLSBrowserSupport2/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide23www.
csnc.
chComparisonbetweenRC4and3DESBrowserswithoutAESOldbrowsersmaynotsupportAESLikeIE6onXPRC4or3DESshouldalwaysbeofferedbytheServerRC4+NotvulnerabletoBEAST-Somesay,canbebrokeninrealtimebyNSA-Microsoftrecommendsdeveloperstonotuseitanymore-Severalvulnerabilities…(brokenin2^24connections)3DES+Old(1977)–butstillstrong-Butonly112bits.
No!
Only108bits…-CBC,sopossiblevulnerableagainstLucky13attacksCompassSecuritySchweizAGSlide24www.
csnc.
chCipherSecurityhttp://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide25www.
csnc.
chAttacksonTLS/SSLCompassSecuritySchweizAGSlide26www.
csnc.
chSSLAttacksBEAST(2011)InTLSDoSIndependantofeachother!
CompassSecuritySchweizAGSlide33www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/$sslyze–-regularebanking-ch1.
ubs.
com:443*SessionRenegotiation:Client-initiatedRenegotiations:RejectedSecureRenegotiation:Supported*Compression:CompressionSupport:DisabledCompassSecuritySchweizAGSlide34www.
csnc.
chOtherSSLVulnerabilities…BrowserTLS->SSLdowngradefallbacksTLS1.
2->TLS1.
1->TLS1.
0->SSLv3!
JustneedsmanintheMiddleFixFakeCiphersNotreallyimplementedrightnowCompassSecuritySchweizAGSlide35www.
csnc.
chPRISMCompassSecuritySchweizAGSlide36www.
csnc.
chHowtothwarttheNSATheymaybeabletobreak:Export,NULL,LowCiphersMediumCiphers(RC2,RC4,IDEA,.
.
)andCAMELIA(HIGH,butwhoknows…)Butnot:CipherstheyusethemselfupandwithTOPSECRETAESorsecuredalongtimeago,andusedbybanks:DESCompassSecuritySchweizAGSlide37www.
csnc.
chHowtothwarttheNSAWhatiftheystealyourprivatekeysUsePFSSecureyourkeys!
(chmodo-r*.
key)WhatiftheydowngradeyoutoSSLv3DisableitWhatiftheydowngradeyoutoHTTPUseHSTSheaderTellbrowsertoonlyuseHTTPSforthisstie!
InsertyoursiteintobrowserHSTSlist!
WhatiftheyissueafakecertificateUsecertificatepinningCompassSecuritySchweizAGSlide38www.
csnc.
chHowtothwarttheNSABestAttackVector:ImplementationerrorsPastimplementationerros:Apple'sGotoFailTripleHandshakeGNUTLSCertificateChainValidationErrorHeartbleedThat'sjustfrom2014…ThiswillnotstopCompassSecuritySchweizAGSlide39www.
csnc.
chHeartbleedOpenSSL1.
0.
1*Remotelyexploitable64kb(!
)InformationDisclosureCanberepeatedindefinetlyDiscloses:SensitiveUserDataCookiesPrivateKeysPFSSessionKeys…ExploitispublicHeapFengShuiCodeData/HeapApache+OpenSSLProcessCompassSecuritySchweizAGSlide40www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide41www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide42www.
csnc.
chHeartbleedPopularsiteswhichexhibitsupportfortheTLSheartbeatextensionincludeTwitter,GitHub,Yahoo,Tumblr,Steam,DropBox,HypoVereinsbank,PostFinance,RegentsBank,CommonwealthBankofAustralia,andtheanonymoussearchengineDuckDuckGo.
CompassSecuritySchweizAGSlide43www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide44www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide45www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide46www.
csnc.
chHeartbleedFix:Apacheno-threads,forkforeveryconnectionNomoredataofotherusersDowngradetoOpenSSL1.
0.
0,0.
9.
8UpgradetoOpenSSL1.
0.
1gUpdateallyourkeysPFShelpsabitCompileOpenSSLwith-DOPENSSL_NO_HEARTBEATSHSM(HardwareSecurityModule–doesnotleakprivatekey)thereareXbadSSLlibrariesLetswriteAGOODSSLlibraryNow,thereareX+1badSSLlibrariesSource:OpenSSLisOpenSourcePullRequestForHeartbeatSupportNoconsequentpeerreviewCompassSecuritySchweizAGSlide47www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide48www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide49www.
csnc.
chTheCAProblemSource:SSLinderPraxis,sicher(AchimHoffmann)CompassSecuritySchweizAGSlide50www.
csnc.
chTheCAProblemHowtocheckforrevokedcertificatesCRLOfflineListReplayAttacksDNSSpoofing…OCSPLifecheckWhatifserverisnotreachableDNSSpoofing…CompassSecuritySchweizAGSlide51www.
csnc.
chTheCAProblemUsecertificatepinning!
Ignorethesignaturehierarchy!
Checkhashofpublic-keyinformationofthecertificateSubjectPublicKeyInfoOr,checktheissuerCA(alwaysshouldbeissuedbyVerisign,forexample)InBrowser:Chrome,IE,FFSendthemanemailtoincludeyoursiteinpinningmechanismNoofficalprocessInWindows:EMETInApps:Doityourself!
Veryeasy!
DontforgettopushnewversionbeforerenewalofcertificateCompassSecuritySchweizAGSlide52www.
csnc.
chConclusionCompassSecuritySchweizAGSlide53www.
csnc.
chConclusionDisableSSLv3(TLSonly)UseEphemeralCiphers(forPFS)UseAESCiphersDonotuseRC4DisableSSLandHTTPCompressionDisableClientandinsecureRenegotiationUpdateupdateupdate!
CompassSecuritySchweizAGSlide54www.
csnc.
chConclusion–WebPagesUsetrustworthyCANowildcardcertificatesEVcertificateWhynot…Forward:80->:443DeliverEVERYTHINGwithHTTPSUsesecureflagoncookiesUseHSTSheaderUseCertificatePinningCompassSecuritySchweizAGSlide55www.
csnc.
chReferencesSSLinderPraxis,sicherachim@owasp.
orghttps://www.
owasp.
org/images/5/55/SSL-in-der-Praxis_OWASP-Stammtisch-Muenchen.
pdfSSLCERTIFICATEGOODPRACTICEGUIDE,Portcullishttps://labs.
portcullis.
co.
uk/whitepapers/ssl-certificate-good-practice-guide/SSL/TLSDeploymentBestPractices,QualysSSLLABShttps://www.
ssllabs.
com/projects/best-practices/ImperialViolet(GoogleChromeDeveloperBlog)https://www.
imperialviolet.
org/Thispresentationisbasedonthefollowingblogentry:http://blog.
csnc.
ch/2013/11/compass-ssltls-recommendations/CompassSecuritySchweizAGSlide56www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide57www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide58www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide59www.
csnc.
chRant:BrowserIndicators
ihostart怎么样?ihostart是一家国外新商家,主要提供cPanel主机、KVM VPS、大硬盘存储VPS和独立服务器,数据中心位于罗马尼亚,官方明确说明无视DMCA,对版权内容较为宽松。有需要的可以关注一下。目前,iHostART给出了罗马尼亚vps的优惠信息,罗马尼亚VPS无视DMCA、抗投诉vps/2核4G内存/40GB SSD/100M端口月流量2TB,€20/年。点击直达:ih...
virmach这是第二波出这种一次性周期的VPS了,只需要缴费1一次即可,用完即抛,也不允许你在后面续费。本次促销的是美国西海岸的圣何塞和美国东海岸的水牛城,周期为6个月,过后VPS会被自动且是强制性取消。需要临时玩玩的,又不想多花钱的用户,可以考虑下!官方网站:https://www.virmach.comTemporary Length Service Specials圣何塞VPS-一次性6个...
Hostio是一家成立于2006年的国外主机商,提供基于KVM架构的VPS主机,AMD EPYC CPU,NVMe硬盘,1-10Gbps带宽,最低月付5欧元起。商家采用自己的网络AS208258,宿主机采用2 x AMD Epyc 7452 32C/64T 2.3Ghz CPU,16*32GB内存,4个Samsung PM983 NVMe SSD,提供IPv4+IPv6。下面列出几款主机配置信息。...
ssl原理为你推荐
金评媒朱江请问朱江恺撒堡KX系列的钢琴怎么样?巨星prince去世有几位好莱坞巨星死在2016年商标注册流程及费用注册商标的程序及费用?嘉兴商标注册个人如何申请商标注册陈嘉垣陈嘉桓是谁?haokandianyingwang谁给个好看的电影网站看看。51sese.com谁有免费看电影的网站?avtt4.comwww.5c5c.com怎么进入抓站工具公司网站要备份,谁知道好用的网站抓取工具,能够抓取bbs论坛的。推荐一下,先谢过了!ip查询器怎么样查看自己电脑上的IP地址
中文域名注册查询 cpanel 免费网站监控 国外php空间 web服务器架设软件 hnyd 免费ftp站点 免费网站申请 微信收钱 数据库空间 免费稳定空间 九零网络 建站技术 WHMCS server2008 so域名 pptpvpn 西部数码主机 ddos防火墙 衡天主机 更多