Deciphering SSL/TLS Negotiation in Preparation for the 2020 Apocalypse
Decrypting the Mess that is SSL/TLS Negotiation: Preparing for the 2020 Apocalypse
Jim Nitterauer, Senior Security Engineer

Disclaimer
- Information disclosed in this presentation is intended to help improve your security and privacy posture and should not be used for unethical purposes.
- The concepts presented are in no way meant to imply original research on my part or on the part of my employer.
- Information presented here is gathered from public and private sources, with proper references and credit provided where applicable.
- The views expressed in this talk are not necessarily the views of my employer.
Agenda: What Will We Cover?
- Overview of SSL/TLS versions: differences, history
- SSL negotiation process through TLS 1.2; TLS 1.3 differences
- Why SSL/TLS version support matters: Akamai, browser vendors
- SSL/TLS vulnerabilities: types of attacks, mechanisms
- Strategies for monitoring TLS negotiation at the edge: load balancers, log aggregation, SSL/TLS example data
- Taking monitoring to the next level: blocking deprecated versions, preventing attacks
- Preparing your environment
- Resources
- Wrap-up
Overview of SSL/TLS Versions: What is SSL/TLS?
- SSL: Secure Sockets Layer. TLS: Transport Layer Security.
- The overall goal of SSL/TLS is to protect the privacy and integrity of communications between two endpoints, typically a client and a server.
- This is achieved by encrypting the data exchanged between the two endpoints, using a combination of asymmetric (public key) and symmetric cryptography: the asymmetric part authenticates the server and establishes the session keys, the symmetric part protects the bulk data.
- Server identity is validated using public key cryptography: a certificate issued by a trusted Certificate Authority, within a PKI that supports certificate revocation.
- Perfect Forward Secrecy (PFS): an ephemeral key exchange ((EC)DHE) ensures that previously recorded communications cannot be decrypted if the server's long-term private key is later compromised. Not always implemented, but it should be!
- Client/server applications that use it: HTTPS, IMAP, SMTP, FTPS
Overview of SSL/TLS Versions: History
- SSL introduced by Netscape in 1994
- SSL 1.0: never released (serious security flaws)
- SSL 2.0: released in 1995
- SSL 3.0: released in November 1996; fixed several security design flaws
- TLS 1.0: released in 1999 (RFC 2246); an upgrade to SSL 3.0 with a fallback mechanism to SSL 3.0
- TLS 1.1: released in April 2006 (RFC 4346); protection against Cipher Block Chaining (CBC) attacks via explicit per-record IVs
- TLS 1.2: released in August 2008 (RFC 5246); replaced the fixed MD5/SHA-1 PRF with a cipher-suite-specified PRF (SHA-256 by default); added support for AEAD cipher modes (the AES-GCM suites followed in RFC 5288); removed the IDEA and DES cipher suites
- SSL 2.0: deprecated in 2011, with complete abandonment recommended (RFC 6176) because of multiple deficiencies
- TLS 1.3: released in August 2018 (RFC 8446), ten years after TLS 1.2 and 28 IETF drafts later; removes SHA-1, MD5, RC4, DES and 3DES; encrypts everything after the key exchange (including the server certificate) and completes the handshake in a single round trip. Note that the SNI itself is still sent in the clear in the ClientHello; encrypted SNI/ECH is a separate, later extension and not part of RFC 8446.

History resources:
- https://www.acunetix.com/blog/articles/tls-security-what-is-tls-ssl-part-1/ : four-part overview of SSL/TLS, easy to understand
- https://www.feistyduck.com/ssl-tls-and-pki-history/ : detailed timeline showing major milestones as well as exploits
SSL/TLS Negotiation Process: OSI Model (diagram from https://www.hostingadvice.com/how-to/tls-vs-ssl/)
SSL/TLS Negotiation Process, Part One: The Handshake
- Applies to every SSL/TLS connection
- Determines the protocol version and the cipher suite to be used
- Requires asymmetric cryptography: the server's public key is delivered in a certificate that the client validates; the matching private key is known only to the server
- Typically only basic, one-way authentication: the client authenticates the server
- Some servers require two-way (mutual) authentication: the client also presents a certificate and proves possession of its private key with a signature, so a second asymmetric operation is added to the handshake. Seen in transactions like funds transfers, where both ends must be known
- A full TLS 1.2 handshake costs two round trips before application data can flow (three counting the TCP handshake); TLS 1.3 cuts the TLS part to one
(Handshake diagram from https://cheapsslsecurity.com/blog/what-is-ssl-tls-handshake-understand-the-process-in-just-3-minutes/)
SSL/TLS Negotiation Process, Part Two: Data Transfer
After the handshake, both sides derive the session keys from the negotiated master secret, and all further communication between the endpoints is encrypted and integrity-protected with those keys. This is the Record Layer. The process is most commonly seen in web traffic, but the same basic process applies to SMTP, POP3, IMAP, FTPS, or any other common service protocol that needs to communicate securely between two endpoints.
SSL/TLS Negotiation Process, TLS 1.3, Part One: The Handshake
- The same basic information as in previous versions must be exchanged, but the process of exchanging it differs: the client sends its key share(s) along with the ClientHello, so the handshake completes in a single round trip before application data is encrypted
- Also has a mechanism called 0-RTT resumption: if the client has connected before, TLS 1.3 allows a zero-round-trip handshake in which the client sends early data in its first flight, protected by a pre-shared key (PSK) issued in the previous session (the server keeps or encrypts the secret material for that ticket)
- 0-RTT has security implications:
  - early data lacks forward secrecy: it is protected only by the PSK (and the server's ticket encryption key), so compromise of that material exposes it
  - early data can be replayed by an attacker who captures it, because at that point the server has no freshness guarantee
- TLS 1.3 limits the damage: early data is only allowed on resumption, the PSK can be combined with a fresh (EC)DHE exchange so the rest of the session regains forward secrecy, and RFC 8446 describes anti-replay measures such as single-use tickets and ClientHello recording. Applications must still treat early data as replayable and accept only idempotent requests in it

TLS 1.2 vs TLS 1.3 handshake (diagram from https://www.cloudflare.com/learning-resources/tls-1-3/)

SSL/TLS Negotiation Process, TLS 1.3: TLS 1.2 vs TLS 1.3
Features removed in TLS 1.3:
- Static RSA key exchange (all key exchange is now ephemeral, so forward secrecy is mandatory)
- CBC MAC-then-Encrypt modes (only AEAD cipher suites remain)
- RC4
- SHA-1 / MD5
- Compression
- Renegotiation
Features added in TLS 1.3:
- Full handshake signature (the server signs the entire transcript)
- Downgrade protection (a marker in the ServerHello random when an older version is negotiated)
- Abbreviated resumption with optional (EC)DHE
- Curve25519 and Curve448 (X25519 / X448 key exchange)
Why SSL/TLS Version Support Matters: Service Provider and Browser Support
- Chrome: SSL 3.0 removed in 2015, which effectively eliminated all SSL versions from common use; TLS 1.0 and TLS 1.1 deprecated in version 72; version 81 and later won't be able to connect to sites that don't offer TLS 1.2/1.3
- Akamai cloud services: discontinued support for TLS 1.0 and 1.1 on January 7th, 2019
- PCI SSC: deprecated TLS 1.0 in the Data Security Standard on June 30th, 2018; TLS 1.1 still allowed, but most switched to TLS 1.2
- Cloudflare: disabled TLS 1.0 and 1.1 on June 4th, 2018
- Microsoft: Office 365 only supports TLS 1.2 starting October 31st, 2018; no TLS 1.3 adoption in Windows SChannel as of April 4th, 2019
- Google, Microsoft, Apple and Mozilla agree to end TLS 1.0 and TLS 1.1 support in March 2020; currently, less than 2% of all traffic is TLS 1.0 or TLS 1.1
- TLS 1.2 or better is required for HTTP/2 (RFC 7540), which also blacklists a long list of cipher suites, so only a limited number of ciphers are acceptable
- SSL Labs estimates about 94% of existing sites support TLS 1.2
- The bigger issue will be other services: SMTP, IMAP, etc.
https://arstechnica.com/gadgets/2018/10/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0/

Issues not being discussed:
- SMTP TLS negotiation: a multitude of servers misconfigured
- IMAP TLS negotiation: a multitude of servers misconfigured
- TLS versions supported by APIs
- DNS over HTTPS
- IoT devices lacking support for current versions
SSL/TLS Vulnerabilities: Protocol Related (timeline)
- Insecure renegotiation (August 2009)
- sslstrip (August 2009)
- NUL byte attacks (August 2009)
- Firesheep (October 2010)
- BEAST (June 2011)
- Insufficient entropy on embedded devices (February 2012)
- Flame (May 2012)
- CRIME (September 2012)
- Lucky 13 (February 2013)
- RC4 biases (March 2013)
- TIME (March 2013)
- BREACH (August 2013)
- Bullrun and Edgehill (September 2013)
- Dual EC DRBG (September 2013)
- Triple Handshake attack (March 2014)
- Heartbleed (April 2014)
- New Bleichenbacher side channels and attacks (August 2014)
- BERserk (September 2014)
- POODLE (October 2014)
- POODLE TLS (December 2014)
- Superfish (February 2015)
- SMACK (March 2015)
- FREAK (March 2015)
- Logjam (May 2015)
- SLOTH (January 2016)
- DROWN (March 2016)
- Sweet32 (August 2016)
- ROBOT attack (December 2017)
SSL/TLS Vulnerabilities: Protocol Related
These attacks are typically initiated via man-in-the-middle (MITM) activity. The attacker intercepts a connection at the handshake stage and alters or blocks the handshake messages (which are unencrypted), attempting to force the client and server to negotiate a connection using the weakest accepted version, the weakest available cipher suite, or a combination of both. Because the Finished messages authenticate the handshake transcript, simply editing the hello messages is not enough on its own: the downgrade succeeds where a client retries with an older version after a failed attempt (the fallback dance behind POODLE) or where the negotiated cipher is weak enough to break before the handshake completes (export-grade RSA in FREAK, 512-bit DH in Logjam, RC4 biases). The MITM then captures the conversation and later uses brute-force tools to decrypt it, or, where the encryption is weak enough, decrypts the data in real time.
The important points here:
1. The server accepted and responded to version downgrade requests.
2. The server and the client were configured to allow the use of weak or deprecated cipher suites for key exchange.
Monitoring TLS Negotiation at the Edge: End-to-End Encryption
- The load balancer does not terminate the TLS connection, so it cannot see inside the session; it is still susceptible to DDoS and downgrade attacks at the handshake stage
- Use rules executed on the load balancer to handle the connection:
  - Accept the TCP connection on port 443
  - Look at the first TCP payload: a TLS ClientHello starts with a 5-byte record header (0x16 for handshake, the 2-byte record-layer version, then the length), so the version sits in bytes 2-3 counting from 1 (offsets 1-2 counting from 0); the client's own version field follows at the start of the ClientHello body
  - Caveat: a TLS 1.3 client still puts 0x0303 (TLS 1.2) in both of those fields and announces 1.3 only in the supported_versions extension, and most modern clients send 0x0301 in the record header for compatibility, so a check on the record bytes alone identifies SSL 3.0 / TLS 1.0 clients reliably but undercounts newer ones
  - On F5, use TCL (an iRule with binary scan) to extract the bytes
  - Act based on the version
  - Log to remote logging
(Diagram: end-to-end encryption with handshake inspection at the load balancer)
Monitoring TLS Negotiation at the Edge: End-to-End Encryption
- All connections are tracked using an iRule: client connections and server connections
- We set the decimal value to the lowest accepted SSL/TLS protocol
- All connections are logged to a remote Graylog cluster
- No SSL termination occurs on the load balancer
- Dropping connections with less than TLS 1.0 currently
- We still see a significant number of client connections attempting to use TLS 1.0

Monitoring TLS Negotiation at the Edge: SSL/TLS Example Data (screenshot)
Taking Monitoring to the Next Level: Enhance All The Things
How can we make things better?
- Examine and limit cipher suites per packet: the ClientHello lists every suite the client offers, so weak offers can be rejected before any key exchange happens
- Limit the allowed SSL/TLS versions
- Rate-limit TCP connections using data tables
- Key exchange validation
- Apply the same checks to other application protocols: SMTP, POP3, IMAP and others

Preparing Your Environment: Load Balancer and Logging
- Load balancer: write and test the rule, apply it to the desired interface, configure remote logging
- Log aggregation: build a Graylog cluster, minimum a 2-node Elasticsearch cluster
- Testing tools: Wireshark / tcpdump; a packet generation tool like Scapy
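Worked example, added here and not part of the talk or the F5 iRule it describes: a Python classifier for the first TCP payload on port 443 that does what the load-balancer rule does (read the record-layer version bytes) but also parses the ClientHello body, so it sees the supported_versions extension that TLS 1.3 clients use, the cipher suites offered (for the per-packet cipher-suite limiting above), the SNI, and SSLv2-format hellos. It then applies a drop/accept policy and emits one JSON log line per connection in a shape a Graylog input could ingest. The policy threshold, the weak-suite list, the log field names and the sample ClientHellos are all constructed for the example and are not data from the presenter's environment.

```python
import json
import struct

VERSION_NAMES = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS1.0",
                 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}
MIN_VERSION = 0x0303          # policy knob (assumption): nothing older than TLS 1.2
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0, 43
# IANA code points we refuse to serve (assumed policy list; extend to taste)
WEAK_SUITES = {0x0000: "TLS_NULL_WITH_NULL_NULL", 0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
               0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}


def _u16(b, off):
    return struct.unpack("!H", b[off:off + 2])[0]


def parse_client_hello(payload):
    """Parse the first bytes a client sends on 443; no TLS termination needed.

    max_version is the version the client really offers: for TLS 1.3 that is only
    visible in the supported_versions extension, while the record header and the
    ClientHello legacy_version still say 1.0 / 1.2.
    """
    if len(payload) < 5:
        raise ValueError("too short for a TLS record")
    if payload[0] & 0x80 and payload[2] == 0x01:       # SSLv2-format ClientHello
        v = _u16(payload, 3)
        return {"sslv2_hello": True, "record_version": 0x0002, "legacy_version": v,
                "max_version": v, "cipher_suites": [], "sni": None}
    ctype, record_version, rlen = struct.unpack("!BHH", payload[:5])
    body = payload[5:5 + rlen]
    if ctype != 0x16 or len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a TLS ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos, legacy_version = 2, _u16(hello, 0)
    pos += 32 + 1 + hello[pos + 32]                    # skip random and session_id
    cs_len = _u16(hello, pos); pos += 2
    suites = [_u16(hello, pos + i) for i in range(0, cs_len, 2)]; pos += cs_len
    pos += 1 + hello[pos]                              # skip compression methods
    max_version, sni = legacy_version, None
    if pos + 2 <= len(hello):                          # extensions block is optional
        end = pos + 2 + _u16(hello, pos); pos += 2
        while pos + 4 <= end:
            etype, elen = _u16(hello, pos), _u16(hello, pos + 2); pos += 4
            data = hello[pos:pos + elen]; pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                offered = [_u16(data, 1 + i) for i in range(0, data[0], 2)]
                # keep only versions we know: this drops GREASE values (0x?a?a) and drafts
                known = [v for v in offered if v in VERSION_NAMES]
                if known:
                    max_version = max(known)
            elif etype == EXT_SERVER_NAME and len(data) >= 5:
                sni = data[5:5 + _u16(data, 3)].decode("ascii", "replace")
    return {"sslv2_hello": False, "record_version": record_version, "legacy_version": legacy_version,
            "max_version": max_version, "cipher_suites": suites, "sni": sni}


def decide(info):
    """Edge policy: drop SSLv2-format hellos and anything below MIN_VERSION, drop a
    client that offers only weak suites, otherwise accept and flag the weak offers."""
    weak = [WEAK_SUITES[s] for s in info["cipher_suites"] if s in WEAK_SUITES]
    if info["sslv2_hello"]:
        return {"action": "drop", "reason": "sslv2_hello", "weak_suites": weak}
    if info["max_version"] < MIN_VERSION:
        return {"action": "drop", "reason": "version_below_policy", "weak_suites": weak}
    if info["cipher_suites"] and len(weak) == len(info["cipher_suites"]):
        return {"action": "drop", "reason": "only_weak_suites", "weak_suites": weak}
    return {"action": "accept", "reason": None, "weak_suites": weak}


def log_line(client_ip, info, decision):
    """One JSON line per connection for the log aggregator (field names are assumptions)."""
    name = lambda v: VERSION_NAMES.get(v, hex(v))
    return json.dumps({"client_ip": client_ip, "sni": info["sni"],
                       "record_version": name(info["record_version"]),
                       "max_version": name(info["max_version"]),
                       "cipher_suites": [f"0x{s:04x}" for s in info["cipher_suites"]],
                       "action": decision["action"], "reason": decision["reason"],
                       "weak_suites": decision["weak_suites"]}, sort_keys=True)


# --- constructed test inputs (built here, not captured from real clients) ---------------
def _ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data

def build_client_hello(legacy_version, suites, extensions=b"", record_version=0x0301):
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                               # compression: null only
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, record_version, len(hs)) + hs

def sni_ext(host):
    entry = b"\x00" + struct.pack("!H", len(host)) + host.encode()
    return _ext(EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)

def supported_versions_ext(versions):
    data = b"".join(struct.pack("!H", v) for v in versions)
    return _ext(EXT_SUPPORTED_VERSIONS, bytes([len(data)]) + data)

SAMPLES = {
    # SSLv2 hello: 2-byte length with high bit set, type 1, version 0x0002, one cipher spec, 16-byte challenge
    "sslv2-client": b"\x80\x1c\x01\x00\x02\x00\x03\x00\x00\x00\x10" + b"\x01\x00\x80" + bytes(16),
    "tls10-rc4-client": build_client_hello(0x0301, [0x0005, 0x000A]),
    "tls12-client": build_client_hello(0x0303, [0xC02F, 0x0005], sni_ext("mail.example.test")),
    "tls13-client": build_client_hello(0x0303, [0x1301, 0x1302, 0xC02F],
                                       sni_ext("mail.example.test") + supported_versions_ext([0x2A2A, 0x0304, 0x0303])),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        info = parse_client_hello(payload)
        print(label, log_line("198.51.100.7", info, decide(info)))
```

The point the samples make: the TLS 1.3 client above carries 0x0301 in the record header and 0x0303 in legacy_version, exactly like a TLS 1.2 client, and only the extension reveals 1.3; a rule that reads bytes 2-3 alone logs it as TLS 1.0. The GREASE value 0x2A2A is ignored rather than treated as "newer than 1.3", and an SSLv2-format hello is rejected before any version compare, since its layout has no TLS record header to read.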
Resources: Interesting Links
- http://blog.fourthbit.com/2014/12/23/traffic-analysis-of-an-ssl-slash-tls-session
- http://docs.graylog.org/en/3.0/
- https://www.feistyduck.com/ssl-tls-and-pki-history/
- https://www.ssl.com/article/deprecating-early-tls/
- https://www.ssl.com/article/tls-1-3-is-here-to-stay/
- https://www.acunetix.com/blog/articles/tls-security-what-is-tls-ssl-part-1/
- https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/
- https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
- https://www.thesslstore.com/blog/google-chrome-72-deprecates-support-for-tls-1-0-tls-1-1/
- https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Resources: More Interesting Links
- https://www.cloudinsidr.com/content/how-to-activate-http2-with-ssltls-encryption-in-nginx-for-secure-connections/
- https://www.weakdh.org/
- https://www.ssllabs.com/ssltest/index.html
- https://www.sslshopper.com/ssl-checker.htm
- https://badssl.com/
- https://www.httpvshttps.com/
- https://www.wormly.com/tools
- https://www.digicert.com/help/
- https://www.htbridge.com/ssl/
- https://juliansimioni.com/blog/https-on-nginx-from-zero-to-a-plus-part-2-configuration-ciphersuites-and-performance/
Example Site Rating (screenshots: rating of a site using TLS 1.3; compliance testing)
Specifications for TLS 1.3: What Made TLS 1.3 Work?
- Running on CentOS 7.0
- Nginx compiled from source, built against OpenSSL 1.1.1b
- Linked to newly generated DH parameters, e.g. openssl dhparam -out dhparams-4096.pem 4096
- Enabled TLSv1.3
- Included ssl_dhparam /etc/nginx/dhparams-4096.pem;
- Included ssl_ecdh_curve secp384r1;
- Included ssl_ciphers "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
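Two caveats a practitioner would want on the configuration above, followed by an added example server block (not the presenter's config; paths, server_name and the cipher list are assumptions). First, the TLS13-* names were only understood by pre-release OpenSSL 1.1.1 builds; in the 1.1.1 release TLS 1.3 suites are configured with SSL_CTX_set_ciphersuites (exposed in nginx 1.19.4+ as ssl_conf_command Ciphersuites) and the three RFC 8446 suites are on by default. OpenSSL silently ignores names it does not recognise as long as one valid entry remains, which is why the list above still works; the TLS 1.2 half of it (AES256+EECDH, AES256+EDH) still admits CBC suites, however. Second, restricting ssl_ecdh_curve to secp384r1 means every TLS 1.3 client that leads with an X25519 key share (Chrome, Firefox and most others) gets a HelloRetryRequest and pays the extra round trip TLS 1.3 was meant to remove.

```nginx
# Added example: TLS 1.2/1.3-only nginx on OpenSSL 1.1.1 (TLS 1.3 needs nginx >= 1.13.0 built against 1.1.1).
# Paths and server_name are placeholders.
server {
    listen 443 ssl http2;
    server_name www.example.test;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # Nothing older than TLS 1.2 is offered at all.
    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites: ECDHE only, AEAD only (no CBC, no RC4, no 3DES, no static RSA key exchange).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # TLS 1.3 suites are not controlled by ssl_ciphers in OpenSSL 1.1.1; the RFC 8446 set is on by default.
    # nginx 1.19.4+ can pin them explicitly:
    # ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;

    # Offer X25519 first so a TLS 1.3 client's initial key_share is accepted without a HelloRetryRequest.
    ssl_ecdh_curve X25519:secp384r1:prime256v1;

    # Only consulted by DHE suites; the list above is ECDHE-only, so this is optional.
    ssl_dhparam /etc/nginx/dhparams-4096.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:TLS:10m;
}
```

To verify the result from the outside, openssl s_client -connect www.example.test:443 -tls1_3 should complete and report TLSv1.3, while the same command with -tls1 or -tls1_1 must fail to handshake; the rating sites listed under Resources give the same answer with a browser-like client mix.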
Wrap-up: So what now? Questions & Answers
Contact info: jnitterauer@appriver.com, @jnitterauer, https://www.linkedin.com/in/jnitterauer, 850-932-5338 ext. 6468