Secure Socket Layer (SSL) Transport Layer Security (TLS) © André Zúquete Advanced Network Security TLS (Transport Layer Security, RFC 5246): Goals w Secure communication protocol over TCP/IP ® Standard inspired by SSL V3 (Secure Sockets Layer) ® Handles secure sessions per application over TCP/IP • Initially conceived for HTTP traffic • Currently being used by other kinds of traffic w Security mechanisms ® TCP payload protection • Confidentiality • Stream integrity ® Key distribution ® Peer authentication • Server authentication (the normal scenario) • Client authentication • Usually a person • Not usually explored © André Zúquete Advanced Network Security 1 Change Handshake Alert IMAP, Cipher Protocol Protocol HTTP Spec. etc. IMAP, TLS/SSL: HTTP etc. Protocols Record Protocol w Handshake Protocol TCP ® Key distribution • Master secrets (48 bytes) • Computed with DH; or • Chose by the client, upload to the server encrypted with the server’s public key • Session keys • Computed from a master secret and two nonces exchanged ® Peer authentication • Asymmetric encryption with long-term or ephemeral keys • Public key certificates for long-term public keys w Record Protocol ® Handling of secure data records ® Compression, confidentiality, integrity control © André Zúquete Advanced Network Security TLS/SSL versions w SSL ® 1.0 ® 2.0: 1995, prohibited by RFC 6176 (2011) ® 3.0: 1996, RFC 6101 (2011), deprecated by RFC 7568 (2015) w TLS ® 1.0: 1999: RFC 2246 SSL BEAST (2011) ® 1.1: 2006: RFC 4346 ® 1.2: 2008: RFC 5246 ® 1.3: 2018: RFC 8446 © André Zúquete Advanced Network Security 2 TLS/SSL: Operational aspects w Client-server model ® As in a TCP connection w Applications define some operational details ® Peer authentication • If required, how it should be done ® Algorithms (cipher suites) • Both present their possibilities • Server selects one from a common set ® Session key management • Lifetime of a master secret • Lifetime of a session key • Equal or smaller than the lifetime of a TCP connection © André Zúquete Advanced Network Security SSL/TLS: Interactions diagram (1st part) © André Zúquete Advanced Network Security 3 SSL/TLS: Interactions diagram (2nd part) © André Zúquete Advanced Network Security Normal TLS/SSL Protocols port port TLS/SSL: HTTP 80 443 IMAP 143 993 Usage POP3 110 995 SMTP 25 465 w Just a standard protocol LDAP 389 636 ® No standard API w Common interfaces Explore only a subset of TLS/SSL features ® SSLref • Reference SSL API ® SSLeay, OpenSSL • APIs of public SSL implementations w Usage by servers ® Two interfaces • A conventional one (usencure), with the normal transport port • Another over SSL, with a new transport port ® The client defines its intensions upon the used interface © André Zúquete Advanced Network Security 4 stunnel w General purpose client/server SSL tunnel Legacy Client Server w/ client app TCP stunnel SSL SSL Client app Server Legacy w/ SSL SSL stunnel TCP server Legacy Client Server Legacy client app TCP stunnel SSL stunnel TCP server © André Zúquete Advanced Network Security stunnel authentication w An stunnel server provides a certificate of its own ® Not a certificate of the services it gives access to w Certificate validation has several flavors ® No validation ® Validation with standard rules ® Validation with pre-loaded, self-signed certificate • Somewhat similar to SSH © André Zúquete Advanced Network Security 5.