But don't let that deceive you; if you take away the HTTP chapters, the remaining content (about two-thirds of the book) provides generic advice that can be applied to any protocol that uses TLS. The OpenSSL, Java, and Microsoft chapters provide protocol-generic information for their respective platforms.

That said, if you're looking for configuration examples for products other than web servers you won't find them in this book. The main reason is that—unlike with web servers, for which the market is largely split among a few major platforms—there are a great many products of other types. It was quite a challenge to keep the web server advice up-to-date, being faced with nearly constant changes. I wouldn't be able to handle a larger scope. Therefore, my intent is to publish additional configuration examples online and hopefully provide the initial spark for a community to form to keep the advice up-to-date.

Contents

This book has 16 chapters, which can be grouped into several parts. The parts build on one another to provide a complete picture, starting with theory and ending with practical advice.

The first part, chapters 1 through 3, is the foundation of the book and discusses cryptography, SSL, TLS, and PKI:

• Chapter 1, SSL, TLS, and Cryptography, begins with an introduction to SSL and TLS and discusses where these secure protocols fit in the Internet infrastructure. The remainder of the chapter provides an introduction to cryptography and discusses the classic threat model of the active network attacker.

• Chapter 2, Protocol, discusses the details of the TLS protocol. I cover TLS 1.2, which is the most recent version. Information about earlier protocol revisions is provided where appropriate. An overview of the protocol evolution from SSL 3 onwards is included at the end for reference.

• Chapter 3, Public-Key Infrastructure, is an introduction to Internet PKI, which is the predominant trust model used on the Internet today. The focus is on the standards and organizations as well as governance, ecosystem weaknesses and possible future improvements.

The second part, chapters 4 through 7, details the various problems with trust infrastructure, our security protocols, and their implementations in libraries and programs:

• Chapter 4, Attacks against PKI, deals with attacks on the trust ecosystem. It covers all the major CA compromises, detailing the weaknesses, attacks, and consequences. This chapter gives a thorough historical perspective on the security of the PKI ecosystem, which is important for understanding its evolution.
• Chapter 5, HTTP and Browser Issues, is all about the relationship between HTTP and TLS, the problems arising from the organic growth of the Web, and the messy interactions between different pieces of the web ecosystem.

• Chapter 6, Implementation Issues, deals with issues arising from design and programming mistakes related to random number generation, certificate validation, and other key TLS and PKI functionality. In addition, it discusses voluntary protocol downgrade and truncation attacks and also covers Heartbleed.

• Chapter 7, Protocol Attacks, is the longest chapter in the book. It covers all the major protocol flaws discovered in recent years: insecure renegotiation, BEAST, CRIME, Lucky 13, RC4, TIME and BREACH, and Triple Handshake Attack. A brief discussion of Bullrun and its impact on the security of TLS is also included.

The third part, chapters 8 through 10, provides comprehensive advice about deploying TLS in a secure and efficient fashion:

• Chapter 8, Deployment, is the map for the entire book and provides step-by-step instructions on how to deploy secure and well-performing TLS servers and web applications.

• Chapter 9, Performance Optimization, focuses on the speed of TLS, going into great detail about various performance improvement techniques for those who want to squeeze every bit of speed out of their servers.

• Chapter 10, HSTS, CSP, and Pinning, covers some advanced topics that strengthen web applications, such as HTTP Strict Transport Security and Content Security Policy. It also covers pinning, which is an effective way of reducing the large attack surface imposed by our current PKI model.

The fourth and final part consists of chapters 11 through 16, which give practical advice about how to use and configure TLS on major deployment platforms and web servers and how to use OpenSSL to probe server configuration:

• Chapter 11, OpenSSL, describes the most frequently used OpenSSL functionality, with a focus on installation, configuration, and key and certificate management. The last section in this chapter provides instructions on how to construct and manage a private certification authority.

• Chapter 12, Testing with OpenSSL, continues with OpenSSL and explains how to use its command-line tools to test server configuration. Even though it's often much easier to use an automated tool for testing, OpenSSL remains the tool you turn to when you want to be sure about what's going on.

• Chapter 13, Configuring Apache, discusses the TLS configuration of the popular Apache httpd web server. This is the first in a series of chapters that provide practical advice to match the theory from the earlier chapters. Each chapter is dedicated to one major technology segment.
• Chapter 14, Configuring Java and Tomcat, covers Java (versions 7 and 8) and the Tomcat web server. In addition to configuration information, this chapter includes advice about securing web applications.

• Chapter 15, Configuring Microsoft Windows and IIS, discusses the deployment of TLS on the Microsoft Windows platform and the Internet Information Server. This chapter also gives advice about the use of TLS in web applications running under ASP.NET.

• Chapter 16, Configuring Nginx, discusses the Nginx web server, covering the features of the recent stable versions as well as some glimpses into the improvements in the development branch.

SSL versus TLS

It is unfortunate that we have two names for essentially the same protocol. In my experience, most people are familiar with the name SSL and use it in the context of transport layer encryption. Some people, usually those who spend more time with the protocols, use or try to make themselves use the correct name, whichever is right in the given context. It's probably a lost cause. Despite that, I tried to do the same. It was a bit cumbersome at times, but I think I managed it by (1) avoiding either name where possible, (2) mentioning both where advice applies to all versions, and (3) using TLS in all other cases. You probably won't notice, and that's fine.

SSL Labs

SSL Labs (www.ssllabs.com) is a research project I started in 2009 to focus on the practical aspects of SSL/TLS and PKI. I joined Qualys in 2010, taking the project with me. Initially, my main duties were elsewhere, but, as of 2014, SSL Labs has my full attention.

The project largely came out of my realization that the lack of good documentation and tools is a large part of why TLS servers are generally badly configured. (Poor default settings being the other major reason.) Without visibility—I thought—we can't begin to work to solve the problem. Over the years, SSL Labs expanded into four key projects:

Server test

The main feature of SSL Labs is the server test, which enables site visitors to check the configuration of any public web server. The test includes dozens of important checks not available elsewhere and gives a comprehensive view of server configuration. The grading system is easy to understand and helps those who are not security experts differentiate between small and big issues. One of the most useful parts of the test is the handshake simulator, which predicts negotiated protocols and cipher suites with about 40 of the most widely used programs and devices. This feature effectively takes the guesswork out of TLS configuration. In my opinion, it's indispensable.
Client test

As a fairly recent addition, the client test is not as well known, but it's nevertheless very useful. Its primary purpose is to help us understand client capabilities across a large number of devices. The results obtained in the tests are used to power the handshake simulator in the server test.

Best practices

SSL/TLS Deployment Best Practices is a concise and reasonably comprehensive guide that gives definitive advice on TLS server configuration. It's a short document (about 14 pages) that can be absorbed in a small amount of time and used as a server test companion.

SSL Pulse

Finally, SSL Pulse is designed to monitor the entire ecosystem and keep us informed about how we're doing as a whole. It started in 2012 by focusing on a core group of TLS-enabled sites selected from Alexa's top 1 million web sites. Since then, SSL Pulse has been providing a monthly snapshot of key ecosystem statistics.

There are also several other smaller projects; you can find out more about them on the SSL Labs web site.

Online Resources

This book doesn't have an online companion (although you can think of SSL Labs as one), but it does have an online file repository that contains the files referenced in the text. The repository is available at github.com/ivanr/bulletproof-tls. In time, I hope to expand this repository to include other useful content that will complement the book.

To be notified of events and news as they happen, follow @ivanristic on Twitter. TLS is all I do these days, and I try to highlight everything that's relevant. There's hardly any noise. In addition, my Twitter account is where I will mention improvements to the book as they happen.

My blog is available at blog.ivanristic.com. This is where I'll react to important ecosystem news and discoveries, announce SSL Labs improvements, and publish my research.

If you bought this book in digital form, then you can always log back into your account on the Feisty Duck web site and download the most recent release. A purchase includes unlimited access to the updates of the same edition. Unless you modified your email subscription settings, you'll get an email about book updates whenever there's something sufficiently interesting, but I generally try to keep the number of emails to a minimum (and never use the list for any other purpose).
Feedback

I am fortunate that I can update this book whenever I want to. It's not a coincidence; I made it that way. If I make a change today, it will be available to you tomorrow, after an automated daily build takes place. It's a tad more difficult to update paper books, but, with print on demand, we're able to publish a revision every quarter or so.

Therefore, unlike with many other books that might never see a new edition, your feedback matters. If you find an error, it will be fixed in a few days. The same is true for minor improvements, such as language changes or clarifications. If one of the platforms changes in some way or there's a new development, I can cover it. My aim with this book is to keep it up-to-date for as long as there's interest in it.

Please write to me at ivanr@webkreator.com.

About the Author

In this section, I get to write about myself in third person; this is my "official" biography:

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools, and guides published on the SSL Labs web site. He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community, and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.

I should probably also mention OpenSSL Cookbook, which is a free ebook that combines chapters 11 and 12 from this book and SSL/TLS Deployment Best Practices in one package.

Acknowledgments

Although I wrote all of the words in this book, I am not the sole author. My words build on an incredible wealth of information about cryptography and computer security scattered among books, standards documents, research papers, conference talks, and blog posts—and even tweets. There are hundreds of people whose work made this book what it is.

Over the years, I have been fortunate to correspond about computer security with many people who have enriched my own knowledge of this subject. Many of them lent me a hand by reviewing parts of the manuscript. I am grateful for their help. It's been particularly com-