BULLETPROOF SSL AND TLS
Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
Ivan Ristić
Free edition: Getting Started
Last update: Mon Apr 20 19:30:34 BST 2015 (build 592)
Table of Contents

Preface
  Scope and Audience
  Contents
  SSL versus TLS
  SSL Labs
  Online Resources
  Feedback
  About the Author
  Acknowledgments

1. SSL, TLS, and Cryptography
  Transport Layer Security
  Networking Layers
  Protocol History
  Cryptography
  Building Blocks
  Protocols
  Attacking Cryptography
  Measuring Strength
  Man-in-the-Middle Attack

2. Protocol
  Record Protocol
  Handshake Protocol
  Full Handshake
  Client Authentication
  Session Resumption
  Key Exchange
  RSA Key Exchange
  Diffie-Hellman Key Exchange
  Elliptic Curve Diffie-Hellman Key Exchange
  Authentication
  Encryption
  Stream Encryption
  Block Encryption
  Authenticated Encryption
  Renegotiation
  Application Data Protocol
  Alert Protocol
  Connection Closure
  Cryptographic Operations
  Pseudorandom Function
  Master Secret
  Key Generation
  Cipher Suites
  Extensions
  Application Layer Protocol Negotiation
  Certificate Transparency
  Elliptic Curve Capabilities
  Heartbeat
  Next Protocol Negotiation
  Secure Renegotiation
  Server Name Indication
  Session Tickets
  Signature Algorithms
  OCSP Stapling
  Protocol Limitations
  Differences between Protocol Versions
  SSL 3
  TLS 1.0
  TLS 1.1
  TLS 1.2

3. Public-Key Infrastructure
  Internet PKI
  Standards
  Certificates
  Certificate Fields
  Certificate Extensions
  Certificate Chains
  Relying Parties
  Certification Authorities
  Certificate Lifecycle
  Revocation
  Weaknesses
  Root Key Compromise
  Ecosystem Measurements
  Improvements

4. Attacks against PKI
  VeriSign Microsoft Code-Signing Certificate
  Thawte login.live.com
  StartCom Breach (2008)
  CertStar (Comodo) Mozilla Certificate
  RapidSSL Rogue CA Certificate
  Chosen-Prefix Collision Attack
  Construction of Colliding Certificates
  Predicting the Prefix
  What Happened Next
  Comodo Resellers Breaches
  StartCom Breach (2011)
  DigiNotar
  Public Discovery
  Fall of a Certification Authority
  Man-in-the-Middle Attacks
  ComodoHacker Claims Responsibility
  DigiCert Sdn. Bhd.
  Flame
  Flame against Windows Update
  Flame against Windows Terminal Services
  Flame against MD5
  TURKTRUST
  ANSSI
  Widespread SSL Interception
  Gogo
  Superfish and Friends

5. HTTP and Browser Issues
  Sidejacking
  Cookie Stealing
  Cookie Manipulation
  Understanding HTTP Cookies
  Cookie Manipulation Attacks
  Impact
  Mitigation
  SSL Stripping
  MITM Certificates
  Certificate Warnings
  Why So Many Invalid Certificates?
  Effectiveness of Certificate Warnings
  Click-Through Warnings versus Exceptions
  Mitigation
  Security Indicators
  Mixed Content
  Root Causes
  Impact
  Browser Treatment
  Prevalence of Mixed Content
  Mitigation
  Extended Validation Certificates
  Certificate Revocation
  Inadequate Client-Side Support
  Key Issues with Revocation-Checking Standards
  Certificate Revocation Lists
  Online Certificate Status Protocol

6. Implementation Issues
  Certificate Validation Flaws
  Library and Platform Validation Failures
  Application Validation Failures
  Hostname Validation Issues
  Random Number Generation
  Netscape Navigator (1994)
  Debian (2006)
  Insufficient Entropy on Embedded Devices
  Heartbleed
  Impact
  Mitigation
  FREAK
  Export Cryptography
  Attack
  Impact and Mitigation