Protocol Downgrade Attacks
Rollback Protection in SSL 3
Interoperability Problems
Voluntary Protocol Downgrade
Rollback Protection in TLS 1.0 and Better
Attacking Voluntary Protocol Downgrade
Modern Rollback Defenses
Truncation Attacks
Truncation Attack History
Cookie Cutting
Deployment Weaknesses
Virtual Host Confusion
TLS Session Cache Sharing

7. Protocol Attacks
Insecure Renegotiation
Why Was Renegotiation Insecure?
Triggering the Weakness
Attacks against HTTP
Attacks against Other Protocols
Insecure Renegotiation Issues Introduced by Architecture
Impact
Mitigation
Discovery and Remediation Timeline
BEAST
How the Attack Works
Client-Side Mitigation
Server-Side Mitigation
History
Impact
Compression Side Channel Attacks
How the Compression Oracle Works
History of Attacks
CRIME
Mitigation of Attacks against TLS and SPDY
Mitigation of Attacks against HTTP Compression
Lucky 13
What Is a Padding Oracle?
Attacks against TLS
Impact
Mitigation
RC4 Weaknesses
Key Scheduling Weaknesses
Early Single-Byte Biases
Biases across the First 256 Bytes
Double-Byte Biases
Improved Attacks against Passwords
Mitigation: RC4 versus BEAST, Lucky 13, and POODLE
Triple Handshake Attack
The Attack
Impact
Prerequisites
Mitigation
POODLE
Practical Attack
Impact
Mitigation
Bullrun
Dual Elliptic Curve Deterministic Random Bit Generator

8. Deployment
Key
Key Algorithm
Key Size
Key Management
Certificate
Certificate Type
Certificate Hostnames
Certificate Sharing
Signature Algorithm
Certificate Chain
Revocation
Choosing the Right Certificate Authority
Protocol Configuration
Cipher Suite Configuration
Server cipher suite preference
Cipher Strength
Forward Secrecy
Performance
Interoperability
Server Configuration and Architecture
Shared Environments
Virtual Secure Hosting
Session Caching
Complex Architectures
Issue Mitigation
Renegotiation
BEAST (HTTP)
CRIME (HTTP)
Lucky 13
RC4
TIME and BREACH (HTTP)
Triple Handshake Attack
Heartbleed
Pinning
HTTP
Making Full Use of Encryption
Cookie Security
Backend Certificate and Hostname Validation
HTTP Strict Transport Security
Content Security Policy
Protocol Downgrade Protection

9. Performance Optimization
Latency and Connection Management
TCP Optimization
Connection Persistence
SPDY, HTTP 2.0, and Beyond
Content Delivery Networks
TLS Protocol Optimization
Key Exchange
Certificates
Revocation Checking
Session Resumption
Transport Overhead
Symmetric Encryption
TLS Record Buffering Latency
Interoperability
Hardware Acceleration
Denial of Service Attacks
Key Exchange and Encryption CPU Costs
Client-Initiated Renegotiation
Optimized TLS Denial of Service Attacks

10. HSTS, CSP, and Pinning
HTTP Strict Transport Security
Configuring HSTS
Ensuring Hostname Coverage
Cookie Security
Attack Vectors
Robust Deployment Checklist
Browser Support
Privacy Implications
Content Security Policy
Preventing Mixed Content Issues
Policy Testing
Reporting
Browser Support
Pinning
What to Pin?
Where to Pin?
Should You Use Pinning?
Pinning in Native Applications
Chrome Public Key Pinning
Microsoft Enhanced Mitigation Experience Toolkit
Public Key Pinning Extension for HTTP
DANE
Trust Assertions for Certificate Keys (TACK)
Certification Authority Authorization

11. OpenSSL
Getting Started
Determine OpenSSL Version and Configuration
Building OpenSSL
Examine Available Commands
Building a Trust Store
Key and Certificate Management
Key Generation
Creating Certificate Signing Requests
Creating CSRs from Existing Certificates
Unattended CSR Generation
Signing Your Own Certificates
Creating Certificates Valid for Multiple Hostnames
Examining Certificates
Key and Certificate Conversion
Configuration
Cipher Suite Selection
Performance
Creating a Private Certification Authority
Features and Limitations
Creating a Root CA
Creating a Subordinate CA

12. Testing with OpenSSL
Connecting to SSL Services
Testing Protocols that Upgrade to SSL
Using Different Handshake Formats
Extracting Remote Certificates
Testing Protocol Support
Testing Cipher Suite Support
Testing Servers that Require SNI
Testing Session Reuse
Checking OCSP Revocation
Testing OCSP Stapling
Checking CRL Revocation
Testing Renegotiation
Testing for the BEAST Vulnerability
Testing for Heartbleed

13. Configuring Apache
Installing Apache with Static OpenSSL
Enabling TLS
Configuring TLS Protocol
Configuring Keys and Certificates
Configuring Multiple Keys
Wildcard and Multisite Certificates
Virtual Secure Hosting
Reserving Default Sites for Error Messages
Forward Secrecy
OCSP Stapling
Configuring OCSP Stapling
Handling Errors