Category: FSLab

Fighting Cargo Cult – The Incomplete SSL/TLS Bookmark Collection

Posted on 21 April, 2014 by danimo

Throughout the recent months (and particularly: weeks), people have asked me how to properly secure their SSL/TLS communication, particularly on web servers. At the same time I’ve started to look for good literature on SSL/TLS. I noticed that many of the “guides” on how to do a good SSL/TLS setup are actually cargo cult. Cargo cult is a really dangerous thing for two reasons: First of all, security is never a one-size-fits-all solution. Your setup needs to work in your environment, taking into account possible limitation imposed by hardware or software in your infrastructure. And secondly, some of those guides are outdated, e.g. they do neglect the clear need for Perfect Forward Secrecy, or use now-insecure ciphers. At the worst case, they are simply wrong. So I won’t be providing yet another soon-outdated tutorial that leaves you non-the-wiser. Instead, I’ll share my collection of free and for-pay documents, books and resources on the topic which I found particularly useful in the hope that they may help you in gaining some insight.

Introduction to SSL/TLS

If you’re unfamiliar with SSL/TLS, you definitely should take half an hour to read the Crypto primer, and bookmark SSL/TLS Strong Encryption: An Introduction for reference.

Crypto Primer: How does SSL work? sums up the functionality of SSL/TLS
SSL/TLS Strong Encryption: An Introduction is less of an introduction than a very elaborate glossary of SSL/TLS and crypto terminology

Deploying SSL/TLS

So you want to get your hands dirty? Check your server setup with Qualys SSL Labs’ server test. Make sure you fix the most important issues. You should at least be able to get an “A-” grading. If you find yourself in trouble (and are the administrator of an Apache or nginx setup), you should read the OpenSSL cookbook. Professional system administrators should have Bulletproof SSL/TLS and PKI on the shelf/eBook reader.¹⁾

If you find yourself with too little time on your hands, you can skip through to Mozilla’s awesome config tool which will help you with setting up your SSL vhost for Apache, nginx and HAproxy. However, some background may still be needed. You will find it on Mozillla’s Cipher recommendation page and the OpenSSL cookbook.

Qualys SSL Labs is a web site that can analyze the quality of a given SSL/TLS setup (HTTP only) using a nice rating scheme ²⁾ and providing hints on how to easily improve your setup.
Bulletproof SSL/TLS and PKI — Subtitled The Complete Guide to Securely Using SSL/TLS and PKI in Infrastructure Deployment and Web Application Development, this book is still work in progress (and is constantly updated, also according to readers feedback). Its author, Ivan Ristić, is also the guy behind ssllabs.com). Purchasers will receive updates to the eBook once finished. You can also purchase a hard copy
OpenSSL Cookbook — Extended excerpt from Bulletproof SSL/TLS and PKI. Suitable to secure your web server. Free download (requires registration).
Mozilla’s SSL Configuration Generator provides sane boiler plate configurations for your Apache/Nginx/HAproxy setups.
Up-to-date cipher suite recommendation from Mozilla with detailed explanation on why it was chosen. (Thanks to Tom Brossman).
Efficiently picking PFS-compatible cipher suites for IIS (using PowerShell).

The SSL, the TLS and the Ugly

If you are a dedicated IT professional, you should not miss the next section. Although it’s not crucial for those wishing to “simply secure their server”, it provides those who are responsible for data security with a clear understanding of the numerous theoretical and practical limitations of SSL/TLS.

SSL: Paved with Good Intentions: Presentation on history and weaknesses of SSL/TLS by Richard Moore, CTO at Westpoint Ltd and the maintainer of the Qt SSL/TLS stack.
Adam Langley (Google Chrome) on the risks of Revocation Checks
20 years of SSL/TLS Research Dissertation providing an excellent background on the pitfalls, attacks and risks of SSL/TLS. Suitable for non-scholars (and highly recommended). You may skip the math.
The case for OCSP-Must-Staple: Great commentary on what is needed for SSL/TLS beyond OCSP Stapling to have good support for certificate revocation.
Analyzing Forged SSL Certiﬁcates in the Wild – Paper analyzing forged certificates for Facebook, highlighting scenarios where forged certificates can be encountered.

Tools and Utilities for Debugging SSL/TLS

Sometimes you need to debug errors during the SSL handshake. While a bit primitive, OpenSSL’s s_client tool is the weapon of choice. When it comes to monitoring SSL/TLS encrypted communications, use mitmproxy or Charles. They need to be added as proxies, but can also intercept PFS connections, due to their active MITM position.

Server Config Generator for Apache, nginx and HA proxies
sslyze – a command line script to check SSL/TLS on servers (Python)
cipherscan – command line client to check effectively supported cipher suites (Bash)
openssl s_client is a command line tool that provides details on the handshake phase and establishes a secure connection. Use it to debug problems with certificate chaining, OCSP stapling, etc.
Wireshark packet analyzer (and why it will not help you if you’re using PFS)
mitmproxy suite — command line tools to analyze encrypted traffic (Python-based, Free)
Charles Web Debugging Proxy (Java, Commercial)

This list is not exhaustive and if you have more suggestions, please go ahead and post them in the comments. I’ll be happy to add them. Finally, just like with system administration in general, you’re never “done” with security. SSL/TLS is a swiftly moving target, and you need to be aware of what is going on. If you are an IT professional, subscribe to security mailing lists and the announcement lists of your vendor. Finally, while I’m aiming to update this page, there’s never a guarantee of up-to-dateness for this list either.

Update (22.04.2014): Don’t miss the discussion on this article over at Hacker News.

Article History

21.04.2014 – Initial version
21.04.2014 – Added “The Case for OCSP-Must-Staple”, Mozilla Cipher suite recommendation
22.04.2014 – Updated to add sslyze and cipherscan, added HN link, fixed typos
02.05.2014 – Add “Analyzing Forged SSL Certificate” paper
19.12.2014 – Add Mozilla SSL Generator, updated text on book availability

1) I do realize that I am courting Ivan a lot in this section and that relying on only an a single external web service that can go away any day is not a good thing. At the same time I think that the handshake simulation and the simple rating process are priceless, as such assessment cannot be trivially done by people whom’s life does not revolve around crypto and security 24/7. At the same time, I’m happy for any pointers towards other, user friendly tools.

2) While blindly following the rating can easily lead to the establishment of cargo cult, ssllabs.com is continuously updated to only give those a good grading that follow the best pactices. Again: Avoid Cargo Cult, make sure you have a good idea of what you are doing.

FrOSCon 2009: Call for Papers About to Close

Posted on 20 May, 2009 by danimo

The Call for Papers for this years’ Free and Open Source Conference (FrOSCon) will close in three days. Hot topics are Cloud Computing, Open Hardware, Free Software and SaaS (Software as a Service) as well as mobile Gadgets (Netbooks, Phones, …).

Traditionally, FrOSCon has always hosted a sub conference. After hosting the Python and PHP community, this years programming language du jour is Java. Does anyone feel like giving a Jambi talk? 🙂

Btw: Qt Software supports FrOSCon as a Gold Sponsor and both Qt Software and the KDE team will of course be present during the conference. Visit us from 22.- 23. August 2009 in the premises of the University of Applied Technology in St. Augustin near Bonn!

Why Current Linux-Preinstalls Pose Adoption Problems for Netbook Users

Posted on 28 December, 2008 by danimo

This christmas, Santa brought an Acer Aspire One (A110L) for my mother, a not so techy person. It even had a customized version of Linpus Linux on it featuring quite a pleasant, simple UI. It’s supposed to be simple and useful. And at first glance, that’s true: It comes with Firefox, OpenOffice, etc.

Unfortunately, there is also a downside. Why? Because it comes with Firefox, OpenOffice, etc… on Fedora Core 8, a quite old version of the Distribution. Firefox is on Version 2.0.0.14 and no official update is available, leaving A110 users with known security issues and a product which is officially abandoned by the vendor. Same holds true for OpenOffice.org 2.3, the current Version is 3.0.

The Update System does not use YUM, it has propritary system that downloads XML descriptions, packages and shell scripts from a Taiwanese, overworked Server, with no (visible) signature validation (*yikes*).¹⁾

So I wanted to install Skype, since that’s what my family uses to do voice and video chatting. The built-in messanger also has no support for Jabber. So I wanted to install skype and PSI instead of the built-in messanger. Both turned out to require advanced Linux-Knowledge (installing RPMs manually in case of Skype) and some google searching (becoming root, add items into the menu). Some choices, like the choice of language can only be done via
the GUI initially. Later on, one needs to find a script that sets environment variables and reboot the system.

So where is the trouble? The extra step via Linpus. While it seems like the ideal OS (Startup time of about 4 seconds, easy launcher interface), it

Keeps the users from secure upgrades to decent versions. Even worse: It keeps the users from even customizing their Netbooks just a little bit. With the Windows XP variant, installing Skype is just a Download and a Mouse click away. That’s why I find a lot of people moving on to XP right away or buying the XP version in the first place. The hypothesis that netbook users accept their devices just the way they are is a myth.
Keeps the average user from installing new Software (keep in mind the target audience!).
Woeks around the underlying distributions update infrastructure.

Not sure if Ubuntu’s Netbook spins are the answers, but I will definitely give them a try on an external SSD medium.

¹⁾ I admit that this is not the central point here, but since I’m at 25c3 and Dan Kaminsky has just stressed how many update systems suck because they lack any kind of validation about the blob they are about to download and run as root, I felt like pointing it out.

PS: Dear Lazyweb: Does anyone have expiriences with other Netbook Vendors? I am under the impression that the Eee PC preinstallation suffers from similar problems.

On Icons and Labels

Posted on 14 November, 2008 by danimo

To be frank: I think that the Kubuntu’s switch to “Text aside icons” (as discussed by Seele) was a mistake. The reasons for that are best explained by an example:

Here, only one of three actions are visible in the tool bar, rendering it pretty useless. But let’s revisit what we had as the default in KDE 3 before we used “Text below icons”:

Now, “Text below icons” is a bad idea, because it wastes vertical space, which we are already short of (Plasma panels, menu bar, window decoration). Given the emerging 16:9 ratio monitors, this sounds like a call for “Text aside icons”, the new Kubuntu default:

During the quite vivid and productive discussions on Seele’s blog, some people proposed to show the text only for special actions (mockup as posted there). This does not only allow to easily spot the most important of the actions (keep in mind that all actions in the toolbar should be kind of important, otherwise they shouldn’t be there), but also eases hitting the actions tool button.

Actually, this idea has gone through my mind quite often and our friends over at the competition used this for ages, albeit for Evolution only. Instead of going for such a solution, KDE has struggled for years searching for the right defaults and discussed about screen resolutions.

The actual reason for this was mostly of technical nature: QToolBar couldn’t change the tool button style property for specific actions in Qt 3.x, and the almighty XMLGUI layer used by KDE thus had no such option either. Instead, one everyone got to pick his poison (no description, or space wasting ones).

Attentive readers will have noticed my deliberate use of the past tense in the paragraphs above. This is because with Qt 4, it is possible to do just what I said was missing: Adding actions with an individual Qt::ToolBarStyle. So without further ado, here is my (code-backed) mockup:

The secret is to add those actions that should get a text aside the icon like this:

    ...
    QToolBar *bar = mw.addToolBar(QObject::tr("Actions"));
    bar->setIconSize(QSize(22, 22));

    QToolButton *tb = new QToolButton;
    tb->setDefaultAction(new QAction(QIcon(":/icons/mail-message-new.png"),
                                     QObject::tr("New Message"), tb));
    tb->setToolButtonStyle(Qt::ToolButtonTextBesideIcon);
    bar->addWidget(tb);
    ...

This is officially documented behavior. Quoting the Qt docs on QToolBar::addWidget():

If you add a QToolButton with this method, the tools bar’s Qt::ToolButtonStyle will not be respected.

Now it shouldn’t be too hard to add suppport this idiom to XMLGUI, by adding a flag for “important” actions. That said, XMLGUI is a quite complicated and fragile matter. However, I will take a look at this soon to see if it can be implemented in a clean way without patching Qt.

PS: I think this is one example where less could actually be more in KDE. If we get this right, there is no need for choosing an icon label alignment at all.

KOVpn: A helpful little tool returns

Posted on 30 July, 2008 by danimo

Disclaimer: No KDE 4.1 hype here. This is for the real retro folks (aka KDE 3.x users).

KOVpn is a simple, yet helpful tool to connect to private networks using the OpenVPN software. It was nice, but needed some more improvements (indicated by its version number). Unfortunately, the last maintainer vanished along with the project page and the download files. However, I was able to get hold of the latest stable release via our University sysadmin (and KDE veteran!) Chris Neerfeld. Since OpenVPN is used in my uni to gain WiFi access, I moved the tool into a trac environment at our labs project hosting service.

With the help of another lab member, Jochen Wierum, I also managed to get out packages for OpenSUSE, Debian and Kubuntu via the (excellent!) OpenSUSE Build Service. Also, thanks to a fix Jochen contributed, the latest release also works on 64 bit distros.

So what now? This is a KDE 3 app, so its days are clearly counted. Yet it will hopefully help, since KDE 3.5 will probably be around for quite some time. Currently I am considering a Qt 4 port, if my time permits. But actually, it is really NetworkManager who should become smart enough to handle all kinds of OpenVPN setup, instead of the rather limited options it offers nowadays. Let’s see what the future brings. In the meanwhile, enjoy KOVpn!

PS: Be warned The setup currently involves manual setup of OpenVPN, but using it afterwards is a real joy, compared to using the commandline or weired custom scripts

PPS: Dear Lazyweb: Do you know how work on NetworkManager is progressing wrt OpenVPN integration?

Berlin, Trolltech, FrOSCon, Akademy…

Posted on 22 July, 2008 by danimo

So I am back in Berlin writing my thesis at the Trolltech office here. Lately I’ve been pretty busy with exams, but now I can concentrate on my thesis, with the notable exception of two weekends: One is FrOSCon 2008, which I will attend on the 23. and 24. of August, but even before I will be in Belgium because…

BVG stellt Grundrecht auf Online-Vertraulichkeit fest

Posted on 27 February, 2008 by danimo

Es noch Hoffnung in Deutschland: Das Bundesverfassungsgericht. Hier macht man sich offensichtlich wirklich differenzierte Gedanken und schmettert die sogenannte Online-Durchsuchung ab. Zum Beispiel im Falle des entsprechenden Gesetzes in NRW, das heute vom BVG kassiert wurde:

Die NRW-Vorschrift, die dem Landes-Verfassungsschutz allgemein den “heimlichen Zugriff auf informationstechnische Systeme” erlaubte, verstoße auch gegen das Gebot der Verhältnismäßigkeit. (tagesschau.de)

Deswegen stellten die Richter jetzt ein Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme fest. Online-Durchsuchen sind zwar nicht unmöglich, aber die Hürden werden sehr, sehr hoch angelegt. Nun hoffen wir, dass diese eindeutige Entscheidung nicht wieder durch die Üblichen Verdächtigen systematisch untergraben wird.

(via lawblog)

Report: Release-Party in Bonn

Posted on 19 January, 2008 by danimo

Cocktail “KDE 4.0 Blue Lagoon”

Ingredients:

2cl Vodka
1-2cl Blue Curacao
2cl Cream
10cl Pinapple Juice
4cl Cream of Coconut
1-2 Ice Cubes

Howto:

Shake well. Decorate glass with a an orance slice. Before slicing the orange, cut and peel vertical stripes off the orange. This creates a nice gear look. Serve with a black straw.

For the non-alcoholic version, use blue curacao sirup and more juice instead of blue curacao and vodka. If you try a bit, you can create a color gradient with the coconut cream, which creates the lagoon effect.

To sum it up: it was an awesome party. We had a decently filled location, which surprised me because this particular party was announced less than one week in advance.

Starting at about 19:00 o’clock local time we saw a great show: Aaron giving an awesome keynote, Benjamin presenting KDE 4.0 apps on the Mac and Holger showing off KDE 4.0 on Windows in the typical understatement way of people from northern Germany :-). Thanks to Google for recording, Franz for organizing the streaming, and Dirk for getting a server capable of actually delivering the stream.

Keynote from the Bonn perspective: Aaaron rocking the show

To me that keynote (which we will hopefully soon be seeing on Youtube), was en par with the ones the Steve’s of this IT world deliver, just a lot warmer and more honest. Yet Aaron managed to present the incredible achievement that is KDE 4.0 in an amazing way.

After the keynote finished, the attendees had time to test KDE 4.0 and discuss various issues. As a special plus for those attending our party, we offered a special “KDE 4.0 Blue Lagoon Cocktail”, which was very well received. (recipe on the right, sorry for the crappy pic). Thanks go to Peter for organizing beer, Natascha for doing an excellent job as a bar tender, the Netzladen for hosting and to AurISP and PBR Systems for providing a projector for everyone to follow the keynote.

Oh, and Qt is (also) GPLv3 now. Yay!

KDE 4.0.0 – The Start of Something Amazing

Posted on 11 January, 2008 by danimo

So it’s been done: KDE 4.0.0 has just been released. This is not only the end of a long development effort, involving a lot of new ideas and even more sweat and tears in getting a .0 release out. It also marks the beginning of a new age in free desktop computing, new ideas and new technologies, some of which are still emerging and will find their way in later KDE 4 releases.

I was especially impressed with the page of the KDE Games folks, which makes you want KDE 4.0.0 just for the sake of playing some of the games they wrote and polished. A special hats off goes to the new KBattleship maintainer. The new version rocks. In related news, make sure to check the page of the KDE Education project.

So what does the future hold for KDE 4? Obviously, there will be lots of plasma applets and a lot of ported and new applications. Developing for KDE already is and will continously become a lot easier, especially due to the advanced scripting capabilities. To keep the learning curve low, we will do a developer tutorial sprint on TechBase once the dust of the release announcement has settled. And the best thing is: You can make a difference. No matter if you like coding, translations, doing arts or do something we don’t have a position for yet: Get involved and become a part of something amazing.

PS: If you want to celebrate the new release in parallel to the Mountain View event next friday and live in the Cologne/Bonn area, drop me a mail.

2007 & New Years Resolutions

Posted on 1 January, 2008 by danimo

Due to some rather strange pains in my back (probably muscle-related, I hope the doc will find out tomorrow), I am somewhat chained to my bed. With my action radius being limited significantly, I am doing what seems popular: I decided to give an update about my personal situation. To sum up 2007, it was a fairly nice but also stressful year, with a lot of changes in my private life, both positive and rather sad (which don’t belong here, drop me a mail if you care).

It also saw the release of the english, slightly updated version of my book on Qt 4 and held an awesome study-related internship at the coolest toolkit-vendor ever. I hope this explains why I remained so silent on the blog and (even worse) on the KDE commit list. I kept active in the background however, keeping TechBase running along with Dominik and setting up other MediaWiki-based websites for KDE.

As for 2008, there is a lot of things I want to do. I won’t bother you with all of them, just the very basic ones:

Finish studies (finally :))
Get more involved in KDE development again
Enjoy real-life even more than last year*

So, to all my friends, readers and KDE-enthusiasts i wish

A happy new 2008!

*(well actually, that looks like bad resolution at first sight, since 1 and 2 conflict with 3, but after all it’s all about the right balance, right?)