closing the gap in tls adoption
TRANSCRIPT
CLOSING THE GAP IN TLSADOPTION...
...OR: HELPING TO MAKE HTTPS A NEW DEFAULT IN WEB 2016PyCon Finland
Joona Hoikkala ( )@joohoi
SOME CONTEXT FIRST (THE BORING STUFF)
TLS?USING HTTPS AS EXAMPLE
THE CASTCerti�cate Authority (CA)
Host
Client
WHY DO WE NEED IT?MITM protection
Content injectionSession hijackingContent censorship
HTTP/2SEONOT slowing others down
SOUNDS IMPORTANT, WHAT'S THE PROBLEM?Obtaining a signed certi�cate is (was) painful
It used to be costly to get a lot of certs signedManual process, increased deployment time and complexityManagement overhead because of that.Tedious con�guration
CONFIGURATION ISSUESSSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256 -GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:EC DHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES 256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-S HA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL :!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on SSLCompression off
SSLOptions +StrictRequire
IS IT HARD?Well, it's not. If you have a small and controlled clientpool ... like web!
HTTPD CONFIGURATIONSearching for examples from web easily yields weak / vulnerable , outdated
con�guration.
Willing to commit on keeping the con�guration up to date?
WE CAN FIX IT!CA: Let's EncryptAutomation & con�guration: CertbotCommunicating via: ACME
SO WE'RE GETTING THERESLOWLY BUT FASTER THAN EVER
Short lived certi�cates - 90dOnly DV , no plans for wildcardsSome limits in place, but high enoughKey principles: Free , Automatic , Secure ,
Transparent , Open , Cooperative
ACME, third version
JSON over HTTPSHas it all: accounts, TOS, challenges, etc.
IETF draft
ACME CHALLENGES
ACME CHALLENGESHTTP
Only port 80Place �le named <?> containing <?> to your web root
TLS-SNIOnly port 443Respond to TLS connection using SNI extension and by providingspecially crafted self signed challenge certi�cate
DNSTXT record for _acme-challenge.your.domain.tld with value <?>
SO THAT'S THE CONTEXT(PHEW)
EFF's ACME clientPreviously called "letsencrypt", renamed spring 2016Creates and manages x509 certi�cates for you
Con�gures your server software for youOptionally manage only the TLS part of yourcon�guration
CERTBOT ANATOMYAuthenticator / Installer plugin architecture.
Standalone plugin (HTTP / TLS-SNI)Webroot plugin (HTTP)Manual plugin (HTTP / DNS)Apache plugin (TLS-SNI)Nginx plugin (TLS-SNI)
Coming: Script plugin (HTTP / DNS)
TIDBITS
BOOTSTRAPPINGPeep / Pip 8 provides hash-checking mode
ConfigArgParse==0.10.0 \ --hash=sha256:3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7 configobj==5.0.6 \ --hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902 cryptography==1.3.4 \ --hash=sha256:bede00edd11a2a62c8c98c271cc103fa3a3d72acf64f6e5e4eaf251128897b17 \ --hash=sha256:53b39e687b744bb548a98f40736cc529d9f60959b4e6cc551322cf9505d35eb3 \ --hash=sha256:474b73ad1139b4e423e46bbd818efd0d5c0df1c65d9f7c957d64c9215d77afde \ --hash=sha256:aaddf9592d5b99e32dd518bb4a25b147c124f9d6b4ad64b94f01b15d1666b8c8 \ --hash=sha256:6dcad2f407db8c3cd6ecd78361439c449a4f94786b46c54507e7e68f51e1709d \ --hash=sha256:475c153fc622e656f1f10a9c9941d0ac7ab18df7c38d35d563a437c1c0e34f24 \ --hash=sha256:86dd61df581cba04e89e45081efbc531faff1c9d99c77b1ce97f87216c356353 \ --hash=sha256:75cc697e4ef5fdd0102ca749114c6370dbd11db0c9132a18834858c2566247e3 \ --hash=sha256:ea03ad5b9df6d79fc9fc1ab23729e01e1c920d2974c5e3c634ccf45a5c378452 \ --hash=sha256:c8872b8fe4f3416d6338ab99612f49ab314f7856cb43bffab2a32d28a6267be8 \ ...
CONFIGURATION PARSING & MANAGEMENTNginx plugin uses pyparse
Apache however needs some serious heavy lifting ...
ENTER AUGEASWritten in C, has Python bindingsSupports wide variety of different con�g formats through
parsing templates called lensesCreates DOM like tree structure of con�gurationUses XPath convention for matching
AUGEAS IS NOT VERY PYTHONIC, BUT IT'S GOOD
SUPPORTING "ALL" LINUX DISTRIBUTIONSSo every distro is a bit of a special snow�ake with own
con�guration paradigms , own control scripts for softwareetc.
... so we need to detect what we're being run on.
Standard library platform.linux_distribution() is deprecatedand it's going to be removed in 3.7
SYSTEMD TO THE RESCUE/etc/os-release
Allows us to �nd out what �avor we're runningAnd if we don't have exact constants for that �avor, we canuse value of LIKE
PRETTY_NAME="Debian GNU/Linux 8 (jessie)" NAME="Debian GNU/Linux" VERSION_ID="8" VERSION="8 (jessie)" ID=debian HOME_URL="http://www.debian.org/" SUPPORT_URL="http://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/"
TIPS & TRICKSUse Nginx as a reverse proxy to terminate TLS
Generic webroot
DNS authentication works wonders behind �rewalls , inmail servers for example.
Don't try this at home : Docker API watchdog to triggeron container creation to get a certi�cate based on thecreated container environment variables (hostnames etc)in conjunction with nginx reverse proxy terminating theSSL likewise using API watchdog
DEMO TIME!
QUESTIONS? - Certbot sitehttps://certbot.eff.org/
- Certbot Githubhttps://github.com/certbot/certbot
- Let's Encrypt projecthttps://letsencrypt.org
- CA (Boulder) repohttps://github.com/letsencrypt/boulder
/ [email protected]@joohoi