Secure Socket Layer (SSL)
Transport Layer Security (TLS)
- © André Zúquete
- Advanced Network Security
TLS (Transport Layer Security, RFC 5246):
Goals
w
Secure communication protocol over TCP/IP
®
Standard inspired by SSL V3 (Secure Sockets Layer)
®
Handles secure sessions per application over TCP/IP
• Initially conceived for HTTP traffic • Currently being used by other kinds of traffic
w
Security mechanisms
®
TCP payload protection
• Confidentiality • Stream integrity
Key distribution
®®
Peer authentication
• Server authentication (the normal scenario) • Client authentication
•
Usually a person Not usually explored
•
© André Zúquete
Advanced Network Security
1
Change Cipher Spec.
IMAP, etc.
Handshake Protocol
Alert Protocol
HTTP
TLS/SSL:
IMAP, etc.
HTTP
Record Protocol
TCP
Protocols
w Handshake Protocol
® Key distribution
• Master secrets (48 bytes)
• Computed with DH; or • Chose by the client, upload to the server encrypted with the server’s public key
• Session keys
• Computed from a master secret and two nonces exchanged
® Peer authentication
• Asymmetric encryption with long-term or ephemeral keys • Public key certificates for long-term public keys
w Record Protocol
® Handling of secure data records ® Compression, confidentiality, integrity control
© André Zúquete
Advanced Network Security
TLS/SSL versions
w SSL
® 1.0 ® 2.0: 1995, prohibited by RFC 6176 (2011) ® 3.0: 1996, RFC 6101 (2011), deprecated by RFC 7568 (2015)
w TLS
SSL BEAST
(2011)
® 1.0: 1999: RFC 2246 ® 1.1: 2006: RFC 4346 ® 1.2: 2008: RFC 5246 ® 1.3: 2018: RFC 8446
© André Zúquete
Advanced Network Security
2
TLS/SSL:
Operational aspects
w Client-server model
® As in a TCP connection
w Applications define some operational details
® Peer authentication
• If required, how it should be done
® Algorithms (cipher suites)
• Both present their possibilities • Server selects one from a common set
® Session key management
• Lifetime of a master secret • Lifetime of a session key
• Equal or smaller than the lifetime of a TCP connection
© André Zúquete
Advanced Network Security
SSL/TLS:
Interactions diagram (1st part)
© André Zúquete
Advanced Network Security
3
SSL/TLS:
Interactions diagram (2nd part)
© André Zúquete
Advanced Network Security
Normal port
TLS/SSL port
Protocols
HTTP IMAP POP3
TLS/SSL:
80
443 993 995 465 636
143 110 25
Usage
SMTP LDAP
w Just a standard protocol
389
® No standard API
Explore only a subset of
TLS/SSL features
w Common interfaces
® SSLref
• Reference SSL API
® SSLeay, OpenSSL
• APIs of public SSL implementations
w Usage by servers
® Two interfaces
• A conventional one (usencure), with the normal transport port • Another over SSL, with a new transport port
® The client defines its intensions upon the used interface
© André Zúquete
Advanced Network Security
4
stunnel
w General purpose client/server SSL tunnel
Server w/
SSL
Legacy
client app
Client
stunnel
- SSL
- TCP
Server
stunnel
Legacy
server
Client app
w/ SSL
SSL
TCP
TCP
Legacy
client app
Client
stunnel
Server
stunnel
Legacy
server
- TCP
- SSL
© André Zúquete
Advanced Network Security
stunnel authentication
w An stunnel server provides a certificate of its own
® Not a certificate of the services it gives access to
w Certificate validation has several flavors
® No validation ® Validation with standard rules ® Validation with pre-loaded, self-signed certificate
• Somewhat similar to SSH
© André Zúquete
Advanced Network Security
5