A summary of recent HTTPS developments

1. HTTPS
This is not HTTP over TLS

2. SSL is dead
• HTTP = Hypertext Transfer Protocol
• HTTPS = HTTP Secure
• TLS = Transport Layer Security
• SSL = Secure Sockets Layer
• SSL v3 is effectively dead since POODLE in 2014
• X.509 Certificate

3. Why is HTTPS more than HTTP + TLS?
• Mixed mode requests
• BTW, don’t use protocol relative URLs (eg //domain/resource)
• CORS considers HTTP and HTTPS to be different origins
• secure attribute on cookies
• Not really
• Strictly secure cookies in draft
• Prefixed cookies in draft (eg __Host- or __Secure- )
• Referer HTTP request header
• “Opportunistic Security for HTTP” IETF draft is just HTTP + TLS

4. HTTPS Verification Basics
• Certificate validity period
• Certificate chain trusted
• Common Name, Subject Alternative Name (SAN), wildcards
• Certificate Revocation List
• Extended Validation Certificate
• Mixed-mode resources

5. Further HTTPS Verification
• Signature hash function
• MD5 drops the connection in IE
• SHA1 sunset
• OCSP Stapling and Must Staple TLS Feature Extension
• Certificate Transparency
• HTTP Public Key Pinning
• Requires backup keys. CSRs are sufficient.

6. Other recent HTTPS developments
• Server Name Indication (SNI)
• HTTP Strict Transport Security (HSTS)
• Browser preloading
• Content Security Policies
• Upgrade Insecure Requests
• Referrer Policy (draft)
• AWS Certificate Manager
• Let’s Encrypt https://letsencrypt.org/

7. Why implement HTTPS well?
•Security
•Trust
•Compliance
•SEO
•Performance

8. Security
• Forward Secrecy
• Diffie Hellman key exchange (EDH/DHE)
• Elliptic Curve Digital Signature Algorithm (ECDSA)
• Equivalent security with smaller keys means faster operations

9. Security - Vulnerabilities
• HeartBleed – attacks OpenSSL bug, upgrade or switch.
• POODLE – attacks padding in SSL v3.0, disable it.
• Logjam – attacks DHE ciphers, mitigate with 2048+ bit DH params.
• BEAST – attacks CBC mode of AES, mitigated in TLS v1.1
• Lucky13 – a CBC padding timing-attack, mitigated in impl.
• CRIME – attacks TLS compression, disable it
• BREACH – attacks HTTP compression. Various mitigations.
• Don’t use RC4 – prohibited in Feb 2015 by RFC 7465

10. Trust
• Extended Validation Certificates
• Chrome Page Security Icon
• Since October, HTTPS with minor errors does not show any padlock
• Qualys SSL Labs A+ Grade
• Zero warnings (ie A Grade)
• HSTS header valid for at least six months
• Certificate must not be SHA1 signed
• TLS_FALLBACK_SCSV “fake” cipher suite must be handled

11. Compliance
• Payment Card Industry Data Security Standard (PCI DSS)
• Version 3.1 from April 2015 scheduled TLS 1.0 deprecation for July 2016
• Revised in December 2015 to postpone deprecation to 2018 instead

12. SEO
• Google Page Rank
• Starting August 2014, HTTPS sites are given a (slightly) higher rank.
• Rank only awarded to “strong” HTTPS.

13. Performance
• Is TLS fast yet? https://istlsfastyet.com/
• Session resumption, session tickets
• TLS False Start
• TLS v1.3
• TCP Fast Open to send TLS ClientHello with SYN
• HTTP/2
• Multiplexing
• Connection sharing and the domain-sharding anti-pattern
• Server push

14. Challenges
• User-Agent support
• .NET v4 is TLS v1.0 only.
• .NET v4.5 can do TLS v1.1 and v1.2 if explicitly enabled.
• Different cipher naming conventions across implementations
• IANA
• OpenSSL
• GnuTLS
• NSS
• Debugging
• Tooling

15. Thank you
• Jason Stangroome
• @jstangroome
• https://section.io/
• https://blog.stangroome.com/