Fighting Cargo Cult – The Incomplete SSL/TLS Bookmark Collection

Throughout the recent months (and particularly: weeks), people have asked me how to properly secure their SSL/TLS communication, particularly on web servers. At the same time I’ve started to look for good literature on SSL/TLS. I noticed that many of the “guides” on how to do a good SSL/TLS setup are actually cargo cult. Cargo cult is a really dangerous thing for two reasons: First of all, security is never a one-size-fits-all solution. Your setup needs to work in your environment, taking into account possible limitation imposed by hardware or software in your infrastructure. And secondly, some of those guides are outdated, e.g. they do neglect the clear need for Perfect Forward Secrecy, or use now-insecure ciphers. At the worst case, they are simply wrong. So I won’t be providing yet another soon-outdated tutorial that leaves you non-the-wiser. Instead, I’ll share my collection of free and for-pay documents, books and resources on the topic which I found particularly useful in the hope that they may help you in gaining some insight.

Introduction to SSL/TLS

If you’re unfamiliar with SSL/TLS, you definitely should take half an hour to read the Crypto primer, and bookmark SSL/TLS Strong Encryption: An Introduction for reference.

• Crypto Primer: How does SSL work? sums up the functionality of SSL/TLS
• SSL/TLS Strong Encryption: An Introduction is less of an introduction than a very elaborate glossary of SSL/TLS and crypto terminology

Deploying SSL/TLS

So you want to get your hands dirty? Check your server setup with Qualys SSL Labs’ server test. Make sure you fix the most important issues. You should at least be able to get an “A-” grading. If you find yourself in trouble (and are the administrator of an Apache or nginx setup), you should read the OpenSSL cookbook. Professional system administrators should have Bulletproof SSL/TLS and PKI on the shelf/eBook reader.¹⁾

If you find yourself with too little time on your hands, you can skip through to Mozilla’s awesome config tool which will help you with setting up your SSL vhost for Apache, nginx and HAproxy. However, some background may still be needed. You will find it on Mozillla’s Cipher recommendation page and the OpenSSL cookbook.

• Qualys SSL Labs is a web site that can analyze the quality of a given SSL/TLS setup (HTTP only) using a nice rating scheme ²⁾ and providing hints on how to easily improve your setup.
• Bulletproof SSL/TLS and PKI — Subtitled The Complete Guide to Securely Using SSL/TLS and PKI in Infrastructure Deployment and Web Application Development, this book is still work in progress (and is constantly updated, also according to readers feedback). Its author, Ivan Ristić, is also the guy behind  ssllabs.com). Purchasers will receive updates to the eBook once finished. You can also purchase a hard copy
• OpenSSL Cookbook  — Extended excerpt from Bulletproof SSL/TLS and PKI. Suitable to secure your web server. Free download (requires registration).
• Mozilla’s SSL Configuration Generator provides sane boiler plate configurations for your Apache/Nginx/HAproxy setups.
• Up-to-date cipher suite recommendation from Mozilla with detailed explanation on why it was chosen. (Thanks to Tom Brossman).
• Efficiently picking PFS-compatible cipher suites for IIS (using PowerShell).

The SSL, the TLS and the Ugly

If you are a dedicated IT professional, you should not miss the next section. Although it’s not crucial for those wishing to “simply secure their server”, it provides those who are responsible for data security with a clear understanding of the numerous theoretical and practical limitations of SSL/TLS.

• SSL: Paved with Good Intentions: Presentation on history and weaknesses of SSL/TLS by Richard Moore, CTO at Westpoint Ltd and the maintainer of the Qt SSL/TLS stack.
• Adam Langley (Google Chrome) on the risks of Revocation Checks
• 20 years of SSL/TLS Research Dissertation providing an excellent background on the pitfalls, attacks and risks of SSL/TLS. Suitable for non-scholars (and highly recommended). You may skip the math.
• The case for OCSP-Must-Staple: Great commentary on what is needed for SSL/TLS beyond OCSP Stapling to have good support for certificate revocation.
• Analyzing Forged SSL Certificates in the Wild – Paper analyzing forged certificates for Facebook, highlighting scenarios where forged certificates can be encountered.

Tools and Utilities for Debugging SSL/TLS

Sometimes you need to debug errors during the SSL handshake. While a bit primitive, OpenSSL’s s_client tool is the weapon of choice. When it comes to monitoring SSL/TLS encrypted communications, use mitmproxy or Charles. They need to be added as proxies, but can also intercept PFS connections, due to their active MITM position.

• Server Config Generator for Apache, nginx and HA proxies
• sslyze – a command line script to check SSL/TLS on servers (Python)
• cipherscan – command line client to check effectively supported cipher suites (Bash)
• openssl s_client is a command line tool that provides details on the handshake phase and establishes a secure connection. Use it to debug problems with certificate chaining, OCSP stapling, etc.
• Wireshark packet analyzer (and why it will not help you if you’re using PFS)
• mitmproxy suite — command line tools to analyze encrypted traffic (Python-based, Free)
• Charles Web Debugging Proxy (Java, Commercial)

This list is not exhaustive and if you have more suggestions, please go ahead and post them in the comments. I’ll be happy to add them. Finally, just like with system administration in general, you’re never “done” with security. SSL/TLS is a swiftly moving target, and you need to be aware of what is going on. If you are an IT professional, subscribe to security mailing lists and the announcement lists of your vendor. Finally, while I’m aiming to update this page, there’s never a guarantee of up-to-dateness for this list either.

Update (22.04.2014): Don’t miss the discussion on this article over at Hacker News.

Article History

• 21.04.2014 – Initial version
• 21.04.2014 – Added “The Case for OCSP-Must-Staple”, Mozilla Cipher suite recommendation
• 22.04.2014 – Updated to add sslyze and cipherscan, added HN link, fixed typos
• 02.05.2014 – Add “Analyzing Forged SSL Certificate” paper
• 19.12.2014 – Add Mozilla SSL Generator, updated text on book availability

1) I do realize that I am courting Ivan a lot in this section and that relying on only an a single external web service that can go away any day is not a good thing. At the same time I think that the handshake simulation and the simple rating process are priceless, as such assessment cannot be trivially done by people whom’s life does not revolve around crypto and security 24/7. At the same time, I’m happy for any pointers towards other, user friendly tools.

2) While blindly following the rating can easily lead to the establishment of cargo cult, ssllabs.com is continuously updated to only give those a good grading that follow the best pactices. Again: Avoid Cargo Cult, make sure you have a good idea of what you are doing.