Scribd
Upload
105 views34 pages

Ssl/Tls Trends, Practices, and Futures: Brian A. Mchenry, Security Solutions Architect @bamchenry

F5SSL Best

Uploaded by

Dhananjai Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
105 views34 pages

Ssl/Tls Trends, Practices, and Futures: Brian A. Mchenry, Security Solutions Architect @bamchenry

F5SSL Best

Uploaded by

Dhananjai Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

SSL/TLS Trends, Practices, and

Futures
Brian A. McHenry, Security Solutions Architect
[email protected]
@bamchenry

Agenda
1.

Global SSL Encryption Trends and Drivers

2.

A Few Best Practices

3.

Solutions

4.

Whats Next?

F5 Networks, Inc.

Gartner Says Worldwide Information Security Spending Will


Grow Almost 8 Percent in 2014
Worldwide spending on information security will reach $71.1 billion in 2014
Data loss prevention segment recording the fastest growth at 18.9 percent,
By 2015, roughly 10% of overall IT security enterprise product capabilities will
be delivered in the cloud
Regulatory pressure will increase in Western Europe and Asia/Pacific from
2014

F5 Networks, Inc.

Trajectory and Growth of Encryption


SSL growing ~30% annually. Entering the Fifth wave of transition (IoE)
MARKET AMPLIFIERS

3.5

Customer Trends:

Millions of Certificates (CA)

3.0
2.5

E-Commerce

2.0

Privacy

Mobility

1.5
1.0

S
n
o
w
d
e
n

IoE

PFS/ECC Demanded

SSL Labs Application Scoring

Emerging Standards:

TLS 1.3, HTTP 2.0/SPDY

RSA -> ECC

Thought Leaders and Influence:

0.5
0.0

1998
Source: Netcraft
F5 Networks, Inc.

2002

2006

2010

2014

Google: SHA2, SPDY, Search


Ranking by Encryption

Microsoft: PFS Mandated

Years
4

Timeline of SSL Vulnerabilities & Attacks


August 2009
Insecure renegotiation
vulnerability exposes all
SSL stacks to DoS
attack

August
2009

F5 Networks, Inc.

RFC 5746
TLS extension for secure
renegotiation quickly
mainstreamed

February
2010

BEAST & CRIME


Client-side or MITB
attacks leveraging a
chosen-plaintext flaw in
TLS 1.0 and TLS
compression flaws

September
2011

Lucky 13
Another timing attack.

TIME
RC4 Attacks
Weakness in CBC cipher A refinement and
variation of CRIME
making plaintext
guessing possible

February
2013

March
2013

March
2013

Heartbleed
The end of the Internet
as we know it!

April
2014

And the Hits Just Keep on Coming

F5 Networks, Inc.

The Three Pillars of SSL Everywhere


SSL Intelligence and
Visibility (Full Proxy)
Market Leading Encryption:
Optimized SSL in Hardware
and Software
Cipher Diversity (RSA, ECC,
DSA)
SSL Visibility: Proxy SSL &
Forward Proxy
SSL Traffic Intelligence:
HSTS, HTTP 2.0/SPDY,
OCSP Stapling, TLS
Server Session Ticket

F5 Networks, Inc.

Enterprise key & Certificate


Management
Fully Automated Key and
Certificate Management:
For all BIG-IP platforms
For all vendor platforms
3rd Party Integration for best-
in-class key encryption:
Venafi, Symantec/ VeriSign
PKI Supported Environments

Hardware Security Modules

Advance HSM Support:


Highest Performing HSM
options
Virtualized low-bandwidth
options
Market Leading HSM
Vendor Support

Data Protection: Microsoft and Google Expands Encryption

F5 Networks, Inc.

If You Thought Encryption was confusing


ECC, PFS and Curves
Not all curves are considered equal
Different Authorities:
US NIST (US National Institute of Standards) with 186-2 (recently
superseded in 2009 by the new186-3)
US ANSI (American National Standard Institute) with X9.62
US NSA (National Security Agency) Suite-B Cryptography for TOP
SECRET information exchange
International SACG (Standards for efficient cryptography group)
with Recommended Elliptic Curve Domain Parameters
German ECC Brainpool withECC Brainpool with their Strict
Security Requirements
ECC Interoperability Forum composed by Certicom, Microsoft,
Redhat, Sun, NSA

F5 Networks, Inc.

If You Thought Encryption was confusing


ECC, PFS and Curves
Not all curves are considered equal
Different Names:
Secp256r1, Prime256v1, NIST P-256
Secp384r1, NIST-P384
Different Kinds of Curves:
ECC over Prime Field (Elliptic Curve)
ECC over Binary Field (Koblitz Curve)
Other Curves:
Curve25519 (Google)
Mumford (Microsoft)
Brainpool
DUAL_EC_RBNG
F5 Networks, Inc.

10

Some SSL Best Practices

SSL: Not Just for Security


Google has begun adjusting page rank based on SSL implementations
F5 customers have third-party/B2B requirements for strong encryption
SSL Labs Pulse tool has made testing easy
Users and businesses are choosing services based on Pulse grades

F5 Networks, Inc.

12

Achieving A+ Grades on SSLLabs.com


Set the option for Secure Renegotiation to Require
Disable SSLv2 and SSLv3 (DEFAULT in 11.5+)
Use an explicit, strong cipher string, such as:
!SSLv2:!EXPORT:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:DHE+AESGCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:-MD5:-SSLv3:-RC4

Prefer Perfect Forward Secrecy (PFS)


Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above

Enable TLS_FALLBACK_SCSV extension


Enable HTTP Strict Transport Security (HSTS)
iRule prior to TMOS version 12.0
Integrated into HTTP profile in next release
F5 Networks, Inc.

13

HTTP Strict Transport Security iRule


when HTTP_RESPONSE {
HTTP::header insert Strict-Transport-Security "maxage=[expr {$static::expires - [clock seconds]}];
includeSubDomains
}

F5 Networks, Inc.

14

New Feature: HTTP Strict Transport Security


RFC 6797
HSTS is enabled by the Strict-Transport-Security HTTP header
e.g.: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

When received, browsers will:


Automatically convert HTTP references to HTTPS references
Disallow certificate exemptions (self-signed, etc.)
Cache HSTS information and reuse stored values for new sessions

AVAILABLE IN 12.0
F5 Networks, Inc.

15

HTTP Strict Transport Security Configuration


HTTP Profile Screen

F5 Networks, Inc.

16

F5 Networks, Inc.

17

If I sound smart about crypto

F5 Networks, Inc.

18

SSL Feature Availability


Feature

TMOS

Feature

TMOS

TLS 1.2

10.2.3

10.2.3

ECC

11.4.0

Secure Renegotiation
(RFC 5746)

PFS

11.4.0

TLS_FALLBACK_SCSV

11.5.0

SHA256 (SHA2)

10.2.3

Network HSM

11.2.1

SPDY

11.2.0

Onboard HSM

HTTP 2.0*

11.6.0

SNI

11.1.0

Hybrid Certificates (ECC &


RSA)*

11.5.0

HSTS

F5 Networks, Inc.

iRules/12.0

19

A Peek Under the Hood

Full Proxy Security

Client / Server

Client / Server

Web application

Application health monitoring and performance anomaly detection

Web application

ASM

Application

HTTP proxy, H TTP D DoS and application security

Application

SWG

Proxy SSL (Visibility)

Session

SSL inspection and SSL D DoS mitigation

Session

SSL F orward Proxy


(Visibility)

Network

L4 F irewall: F ull stateful policy enforcement and TCP D DoS mitigation

Network

Physical

F5 Networks, Inc.

Physical

21

BIG-IP Architecture Proxy Chain


Intelligent Full Proxy Benefits

Data Center

Clients

BIG-IP Platform

App point of delivery & definition


App Intelligence - layer 3- 7 visibility

Proxy Chain

Distinct client / server control


Unified services / context
Interoperability and gateway functions

T
C
P

S
S
L

H
T
T
P

P
R
O
X
Y

H
T
T
P

S
S
L

T
C
P

HUD chains are a series of filters which implement the configuration.


The HUD chain is divided into two halves, client and server side.
Filters on HUD chains usually are arranged as client/server pairs.
The two halves are joined by the proxy.
F5 Networks, Inc.

22

BIG-IP Architecture SSL Termination


Intelligent Full Proxy Benefits

Data Center

Clients

BIG-IP Platform

App point of delivery & definition


App Intelligence - layer 3- 7 visibility

Proxy Chain

Distinct client / server control


Unified services / context
Interoperability and gateway functions

T
C
P

S
S
L

H
T
T
P

P
R
O
X
Y

H
T
T
P

S
S
L

T
C
P

Each SSL filter handles connection to device on their side of the proxy.
Normally, the two SSL filters operate completely independently.
Between the two filters, all data is available unencrypted.
To fully offload the backend server, remove the server side SSL filter.
F5 Networks, Inc.

23

BIG-IP Architecture Proxy SSL


Intelligent Full Proxy Benefits

Data Center

Clients

BIG-IP Platform
Allows server to perform client cert auth
L7 content inspection after handshake
Certificate transparent to end user

Proxy Chain
T
C
P

S
S
L

H
T
T
P

P
R
O
X
Y

H
T
T
P

S
S
L

T
C
P

Proxy SSL allows the client certificate to be presented to the server.


Intermediary filters are disabled.
SSL filters operate in monitor mode during the handshake.
Post-handshake, SSL enables decryption and other filters.
F5 Networks, Inc.

24

BIG-IP Architecture Forward SSL


Forward SSL Proxy Benefits
Inspect secure traffic at network edge
Transparent to the end user
Policy based bypass by:
Source IP Address
Destination IP Address
Host Name (SAN,CN,SNI)

Data Center

Clients

BIG-IP Platform

Proxy Chain
T
C
P

S
S
L

H
T
T
P

P
R
O
X
Y

H
T
T
P

S
S
L

T
C
P

Forward SSL is used in Forward Proxy deployments.


Just in time certificate creation is used to decrypt SSL connections.
Enables policy based inspection of secure content.
Requires the ability to create trusted certificates to work.
F5 Networks, Inc.

25

Whats Next?

New Feature: OCSP Stapling


A Quick Primer on Certificate Revocation
If a SSL certificate is stolen or compromised, sites need a way to revoke the
certificate so it will no longer be trusted. Revocation is handled by either CRL or
OCSP.
CRL: Certificate Revocation List
The browser retrieves the list of all revoked certificates from the CA.
The browser then parses the whole list looking for the certificate in question.
OCSP: Online Certificate Status Protocol
The browser sends the certificate to the CA for validation.
The CA responds that the certificate is good, revoked, or unknown.
OCSP is more efficient than CRL, but theres room for improvement!

AVAILABLE IN 11.6
F5 Networks, Inc.

27

OCSP & CRL Checks Hurt Performance


OCSP and CRL checks add significant overhead:
DNS (1334ms)
TCP handshake (240ms)
SSL handshake (376ms)
Follow certificate chain (1011ms)
DNS to CA (300ms)
TCP to CA (407ms)
OCSP to CA #1 (598ms)
TCP to CA #2 (317ms)
OCSP to CA #2 (444ms)
Finish SSL handshake (1270ms)
<T OTA L : 6. 3 Secon d s>

This portion is revocation check overhead.

Add up the time for each step and you'll see that over 30% of the SSL overhead
comes from checking whether the certificate has been revoked.
These checks are serial and block downloads.
F5 Networks, Inc.

28

OCSP Stapling to the Rescue


OCSP Stapling allows the server to attach CA
signed information regarding the certificates
validity.
Processing with OCSP enabled:
DNS (1334ms)
TCP handshake (240ms)
SSL handshake (376ms)
Follow certificate chain (1011ms)
Process OCSP Data (10ms)
Finish SSL handshake (1270ms)
<T O TA L : 4. 2 Secon d s>
OCSP Stap l i n g al so el i mi n ates commu n i cati on
w i th a th i rd p ar ty d u ri n g cer ti fi cate val i d ati on .
Th i s may b e con si d ered b etter secu ri ty si n ce i t
p reven ts i n formati on l eakage.
F5 Networks, Inc.

29

OCSP Stapling Configuration

Changes to Proxy Pool when Use


Proxy Server is enabled

F5 Networks, Inc.

30

OCSP Stapling Configuration


Profile Location

F5 Networks, Inc.

Assignment to Client SSL Profile

31

SSL Everywhere RA Bringing it all Together


SSL termination and inspection from
BIG-IP Local Traffic Manager
(LTM)
Hybrid cipher support for ECC and
RSA ciphers
SSL crypto-offload for additional SSL
capacity
Integration with network HSMs from
SafeNet and Thales for key
management

F5 Networks, Inc.

32

SSL Everywhere

F5 Networks, Inc.

33

You might also like