EXPORTssl原理
ssl原理 时间:2021-04-03 阅读:(
)
Tel+41552144160Fax+41552144161team@csnc.
chwww.
csnc.
chCompassSecuritySchweizAGWerkstrasse20Postfach2038CH-8645JonaSSL/TLSjunglebringinglightintothecipherforestForOWASP.
chDobinRutishauser,dobin.
rutishauser@csnc.
chCompassSecuritySchweizAG–www.
csnc.
ch10.
04.
2014,v1.
1CompassSecuritySchweizAGSlide2www.
csnc.
chAlternativetitle:MyHeartIsBleeding…CompassSecuritySchweizAGSlide3www.
csnc.
chContentSSL/TLSIntroductionSSL/TLSAttacks(BEAST,CRIME,.
.
)PerfectForwardSecrecy(PFS)PRISMHeartbleedTheCAProblemConclusionCompassSecuritySchweizAGSlide4www.
csnc.
chAboutmeDevelopmentofadistributedstealthportscannerforIRCfriendsin2001(dscan)–nuffsaid>3yearsatCompassSecuritySchweizAG.
WebAppHacking,PenetrationTesting,ExploitWriting,LinuxUserSomehowaquiredknowledgeaboutSSLduringCompassauditsCurrentproject:BurpSentinelPluginforBurp,soonZAPtooHelpsfindingvulnerabilitieshttps://github.
com/dobin/BurpSentinelCompassSecuritySchweizAGSlide5www.
csnc.
chWhat'sSSL/TLSCompassSecuritySchweizAGSlide6www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide7www.
csnc.
chWhatdoesSSL/TLSdoProvidessecuretunnelforinsecureprotocolsConfidentialityIntegrityAuthenticityOftenusedwith:HTTPSMTP/IMAP/POP3VPNSIPCompassSecuritySchweizAGSlide8www.
csnc.
chWhereisTLSusedPublicWebsitesOnlineShoppingE-BankingOftenprovidedbyanentryserver/WAF(Airlock,SES,F5,.
.
)AdministrationInterfacesWAFvSphereHPManagementServiceTechnicalCommunicationWebFrontend->Backend(SOAP,REST,…)WLANPEAP-TLSVPNCompassSecuritySchweizAGSlide9www.
csnc.
chSSLHandshakeClientServerClientHeloAvailableCipherListServerHeloSelectedCipherServerCertificateClientKeyExchangeEncrypt_pubkey(sessionkey)Alrighty…CompassSecuritySchweizAGSlide10www.
csnc.
chOpenSSLCiphersSuitesExampleCompassSecuritySchweizAGSlide11www.
csnc.
chSSL/TLSDetailsCompassSecuritySchweizAGSlide12www.
csnc.
chOpenSSLCiphers–Structure$opensslciphers–vSSL/TLSVersionSSLv2,SSLv3,TLS1.
0,TLS1.
1,TLS1.
2KeyExchangeMechanismRSA,DH,DHE/EDH,ECDHE,…AuthenticationMechanismRSA,…EncryptionAlgorithmRC4,DES,AES,IDEA,SEED,…CompassSecuritySchweizAGSlide13www.
csnc.
chOpenSSLCiphers–EncryptionStrengthReallyBadNULL,EXP(EXPORT),ADHLOW:DES-CBCMEDIUM:SEED,IDEA,RC2RC4-MD5High:AES,AES-GCM,DES3CAMELIACompassSecuritySchweizAGSlide14www.
csnc.
chOpenSSLCiphers-KeyExchangeRSAClientencryptssessionkeywithpublickeyofservercertificateDHDiffieHellmankeyexchangeNOREALDHKEYEXCHANGE!
UsesstaticdatafromcertificateforkeyexchangeNoperfectforwardsecrecy(PFS)!
DHE/EDH/ECDHEEphemeralDiffieHellmanProvidesPFSCompassSecuritySchweizAGSlide15www.
csnc.
ch$sslyze–regularebanking-ch1.
ubs.
com:443*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bitsDES-CBC3-SHA168bitsDHE-RSA-AES128-SHA128bitsAES128-SHA128bits*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bitsAcceptedCipherSuite(s):DHE-RSA-AES256-SHA256bitsAES256-SHA256bitsEDH-RSA-DES-CBC3-SHA168bits…https://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide16www.
csnc.
chSSLVersions-WeaknessesSSLv2NoNoNo!
Lengthextensionattacks,truncationattacks,downgradeattacks,vulnerabletoMan-in-the-Middleattacks,…Patched-outinUbuntu(withoutupdatingmanpage)SSLv3Releasedin1996…WeakerkeyderivationthanTLS1.
0CannotbevalidatedunderFIPS140-2TherehavebeenvariousattacksonSSLv3implementationsVulnerabletocertainprotocoldowngradeattacksCompassSecuritySchweizAGSlide17www.
csnc.
chTLSVersion-AdvantagesTLS1.
0Releasedin1999(!
!
)CannotdowngradetoSSL3.
0UsesMD5ANDSHA1atthesametimeTLS1.
1AddedprotectionagainstCBCattacksTLS1.
2Enhancementofclientsidepreferredhash/signalgorithmnsSupportGCMandCCMciphersSupportedbyallmodernbrowsers!
CompassSecuritySchweizAGSlide18www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/*SSLV3CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1CipherSuites:PreferredCipherSuite:DHE-RSA-AES256-SHA256bits[…]*TLSV1_1CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):None*TLSV1_2CipherSuites:PreferredCipherSuite:NoneAcceptedCipherSuite(s):NoneCompassSecuritySchweizAGSlide19www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/CompassSecuritySchweizAGSlide20www.
csnc.
chTLSSupportinBrowsersCompassSecuritySchweizAGSlide21www.
csnc.
chSSL/TLSBrowserSupport1/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide22www.
csnc.
chSSL/TLSBrowserSupport2/2http://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide23www.
csnc.
chComparisonbetweenRC4and3DESBrowserswithoutAESOldbrowsersmaynotsupportAESLikeIE6onXPRC4or3DESshouldalwaysbeofferedbytheServerRC4+NotvulnerabletoBEAST-Somesay,canbebrokeninrealtimebyNSA-Microsoftrecommendsdeveloperstonotuseitanymore-Severalvulnerabilities…(brokenin2^24connections)3DES+Old(1977)–butstillstrong-Butonly112bits.
No!
Only108bits…-CBC,sopossiblevulnerableagainstLucky13attacksCompassSecuritySchweizAGSlide24www.
csnc.
chCipherSecurityhttp://en.
wikipedia.
org/wiki/Transport_Layer_SecurityCompassSecuritySchweizAGSlide25www.
csnc.
chAttacksonTLS/SSLCompassSecuritySchweizAGSlide26www.
csnc.
chSSLAttacksBEAST(2011)InTLSDoSIndependantofeachother!
CompassSecuritySchweizAGSlide33www.
csnc.
chhttps://ebanking-ch1.
ubs.
com:443/$sslyze–-regularebanking-ch1.
ubs.
com:443*SessionRenegotiation:Client-initiatedRenegotiations:RejectedSecureRenegotiation:Supported*Compression:CompressionSupport:DisabledCompassSecuritySchweizAGSlide34www.
csnc.
chOtherSSLVulnerabilities…BrowserTLS->SSLdowngradefallbacksTLS1.
2->TLS1.
1->TLS1.
0->SSLv3!
JustneedsmanintheMiddleFixFakeCiphersNotreallyimplementedrightnowCompassSecuritySchweizAGSlide35www.
csnc.
chPRISMCompassSecuritySchweizAGSlide36www.
csnc.
chHowtothwarttheNSATheymaybeabletobreak:Export,NULL,LowCiphersMediumCiphers(RC2,RC4,IDEA,.
.
)andCAMELIA(HIGH,butwhoknows…)Butnot:CipherstheyusethemselfupandwithTOPSECRETAESorsecuredalongtimeago,andusedbybanks:DESCompassSecuritySchweizAGSlide37www.
csnc.
chHowtothwarttheNSAWhatiftheystealyourprivatekeysUsePFSSecureyourkeys!
(chmodo-r*.
key)WhatiftheydowngradeyoutoSSLv3DisableitWhatiftheydowngradeyoutoHTTPUseHSTSheaderTellbrowsertoonlyuseHTTPSforthisstie!
InsertyoursiteintobrowserHSTSlist!
WhatiftheyissueafakecertificateUsecertificatepinningCompassSecuritySchweizAGSlide38www.
csnc.
chHowtothwarttheNSABestAttackVector:ImplementationerrorsPastimplementationerros:Apple'sGotoFailTripleHandshakeGNUTLSCertificateChainValidationErrorHeartbleedThat'sjustfrom2014…ThiswillnotstopCompassSecuritySchweizAGSlide39www.
csnc.
chHeartbleedOpenSSL1.
0.
1*Remotelyexploitable64kb(!
)InformationDisclosureCanberepeatedindefinetlyDiscloses:SensitiveUserDataCookiesPrivateKeysPFSSessionKeys…ExploitispublicHeapFengShuiCodeData/HeapApache+OpenSSLProcessCompassSecuritySchweizAGSlide40www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide41www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide42www.
csnc.
chHeartbleedPopularsiteswhichexhibitsupportfortheTLSheartbeatextensionincludeTwitter,GitHub,Yahoo,Tumblr,Steam,DropBox,HypoVereinsbank,PostFinance,RegentsBank,CommonwealthBankofAustralia,andtheanonymoussearchengineDuckDuckGo.
CompassSecuritySchweizAGSlide43www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide44www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide45www.
csnc.
chHeartbleedCompassSecuritySchweizAGSlide46www.
csnc.
chHeartbleedFix:Apacheno-threads,forkforeveryconnectionNomoredataofotherusersDowngradetoOpenSSL1.
0.
0,0.
9.
8UpgradetoOpenSSL1.
0.
1gUpdateallyourkeysPFShelpsabitCompileOpenSSLwith-DOPENSSL_NO_HEARTBEATSHSM(HardwareSecurityModule–doesnotleakprivatekey)thereareXbadSSLlibrariesLetswriteAGOODSSLlibraryNow,thereareX+1badSSLlibrariesSource:OpenSSLisOpenSourcePullRequestForHeartbeatSupportNoconsequentpeerreviewCompassSecuritySchweizAGSlide47www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide48www.
csnc.
chTheCAProblemCompassSecuritySchweizAGSlide49www.
csnc.
chTheCAProblemSource:SSLinderPraxis,sicher(AchimHoffmann)CompassSecuritySchweizAGSlide50www.
csnc.
chTheCAProblemHowtocheckforrevokedcertificatesCRLOfflineListReplayAttacksDNSSpoofing…OCSPLifecheckWhatifserverisnotreachableDNSSpoofing…CompassSecuritySchweizAGSlide51www.
csnc.
chTheCAProblemUsecertificatepinning!
Ignorethesignaturehierarchy!
Checkhashofpublic-keyinformationofthecertificateSubjectPublicKeyInfoOr,checktheissuerCA(alwaysshouldbeissuedbyVerisign,forexample)InBrowser:Chrome,IE,FFSendthemanemailtoincludeyoursiteinpinningmechanismNoofficalprocessInWindows:EMETInApps:Doityourself!
Veryeasy!
DontforgettopushnewversionbeforerenewalofcertificateCompassSecuritySchweizAGSlide52www.
csnc.
chConclusionCompassSecuritySchweizAGSlide53www.
csnc.
chConclusionDisableSSLv3(TLSonly)UseEphemeralCiphers(forPFS)UseAESCiphersDonotuseRC4DisableSSLandHTTPCompressionDisableClientandinsecureRenegotiationUpdateupdateupdate!
CompassSecuritySchweizAGSlide54www.
csnc.
chConclusion–WebPagesUsetrustworthyCANowildcardcertificatesEVcertificateWhynot…Forward:80->:443DeliverEVERYTHINGwithHTTPSUsesecureflagoncookiesUseHSTSheaderUseCertificatePinningCompassSecuritySchweizAGSlide55www.
csnc.
chReferencesSSLinderPraxis,sicherachim@owasp.
orghttps://www.
owasp.
org/images/5/55/SSL-in-der-Praxis_OWASP-Stammtisch-Muenchen.
pdfSSLCERTIFICATEGOODPRACTICEGUIDE,Portcullishttps://labs.
portcullis.
co.
uk/whitepapers/ssl-certificate-good-practice-guide/SSL/TLSDeploymentBestPractices,QualysSSLLABShttps://www.
ssllabs.
com/projects/best-practices/ImperialViolet(GoogleChromeDeveloperBlog)https://www.
imperialviolet.
org/Thispresentationisbasedonthefollowingblogentry:http://blog.
csnc.
ch/2013/11/compass-ssltls-recommendations/CompassSecuritySchweizAGSlide56www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide57www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide58www.
csnc.
chRant:BrowserIndicatorsCompassSecuritySchweizAGSlide59www.
csnc.
chRant:BrowserIndicators
819云互联 在本月发布了一个购买香港,日本独立服务器的活动,相对之前的首月活动性价比更高,最多只能享受1个月的活动 续费价格恢复原价 是有些颇高 这次819云互联与机房是合作伙伴 本次拿到机房 活动7天内购买独立服务器后期的长期续费价格 加大力度 确实来说这次的就可以买年付或者更长时间了…本次是5个机房可供选择,独立服务器最低默认是50M带宽,不限制流量,。官网:https://ww...
BuyVM测评,BuyVM怎么样?BuyVM好不好?BuyVM,2010年成立的国外老牌稳定商家,Frantech Solutions旗下,主要提供基于KVM的VPS服务器,数据中心有拉斯维加斯、纽约、卢森堡,付费可选强大的DDOS防护(月付3美金),特色是1Gbps不限流量,稳定商家,而且卢森堡不限版权。1G或以上内存可以安装Windows 2012 64bit,无需任何费用,所有型号包括免费的...
全新PHP短网址系统URL缩短器平台,它使您可以轻松地缩短链接,根据受众群体的位置或平台来定位受众,并为缩短的链接提供分析见解。系统使用了Laravel框架编写,前后台双语言使用,可以设置多域名,还可以开设套餐等诸多功能,值得使用。链接: https://pan.baidu.com/s/1ti6XqJ22tp1ULTJw7kYHog?pwd=sarg 提取码: sarg文件解压密码 www.wn7...
ssl原理为你推荐
哈利波特罗恩升级当爸哈利波特的爸爸妈妈身份急救知识纳入考试100%的大学生有学习现场急救知识的欲望吗bbs.99nets.com怎么把电脑的IP设置和路由器一个网段18comic.fun有什么好玩的网站杰景新特我准备在网上买杰普特711RBES长笛,10700元,这价格合理吗?还有,这是纯银的吗,是国内组装的吗?haokandianyingwang谁有好看电影网站啊、要无毒播放速度快的、在线等菊爆盘请问网上百度贴吧里有些下载地址,他们就直接说菊爆盘,然后后面有字母和数字,比如dk几几几的,机器蜘蛛尼尔机械纪元机械蜘蛛怎么过 机械蜘蛛打法攻略解析雀嘴鳝雀鳝鱼嘴巴变红甚么缘由红玉头冠wow里面达拉然那个鼎鼎有名的佛罗佐的头部是什么啊?就是三颗冰晶的那个,我记得是可以得到的、因为看
老域名失效请用户记下 什么是域名 网址域名注册 域名备案号查询 谷歌域名邮箱 香港加速器 优惠码 idc评测网 监控宝 绍兴高防 嘉洲服务器 ibox官网 dd444 双拼域名 服务器是干什么的 免费高速空间 如何注册阿里云邮箱 常州联通宽带 如何建立邮箱 申请网站 更多