How We Did TLS at Yandex. Eldar Zaitov
TLS deployment in big environments
Eldar Zaitov

Transport Layer Security
› HTTP / SPDY
› IMAP
› POP3
› SMTP
› XMPP
› Whatever

TLS termination options
│ Third-party TLS termination › Amazon ELB, Cloudflare, etc.
│ Hardware load balancers › F5 BigIP, etc.
│ Software TLS terminators › Nginx, HAProxy, Bud, etc.

Unification
› Apache
› Lighttpd
› Nginx
› HAProxy
› SEPE Balancer
› Erlang
› Jetty
› Mail Servers

Unification
› Nginx
› SEPE Balancer
› Erlang
› Mail servers
› OpenSSL 1.0.1+ / 1.0.2

TLS Server Certificate options
› Extended Validation / Domain Validation / etc
› RSA / DSA / ECDSA
› MD5 / SHA1 / SHA256
› Certificate Authority

Certificate Authority
[Diagram: certificate chain]
› Site certificate: Owner’s Name, Owner’s Public key, Issuer’s (CA) Name, Issuer’s Signature
› Intermediate certificate: Owner’s Name, Owner’s Public key, Issuer’s (CA) Name, Issuer’s Signature
› Root CA certificate: Root Name, Root Public key, Root Signature
Arrows labeled "issuer" link each Issuer’s (CA) Name to the certificate above it; arrows labeled "verifies" link a public key to the signature it checks.

CA Certificate options
› RSA / DSA / ECDSA
› MD5 / SHA1 / SHA256
› OS support
› Origin Country

Certificate Authority options
› Go buy a certificate manually
› Own an Intermediate CA
› MPKI

Security vs Performance
› HTTPS can lead to latency overheads of up to 4 RTT
› Properly configured HTTPS should not add more than 1 RTT

[Diagram: TLS handshake between Client and Server]
Client → Server: Client Hello
Server → Client: Server Hello, Certificate, (Certificate status), Server key exchange, Server Hello Done
Client → Server: Client Key Exchange, Change Cipher Spec, Finished
Server → Client: Change Cipher Spec, (New session ticket), Finished
Client → Server: GET / HTTP/1.0
Timeline marks: 100 ms, 150 ms, 200 ms, 250 + X ms, 300 + X ms

Early termination / CDN

Certificate status
› Certificate Revocation List
› Online Certificate Status Protocol

Certificate status browser behavior
› Chromium – CRLsets, OCSP for EV
› Firefox – OCSP
› IE – CRL + OCSP
› Opera – CRL + OCSP
All of them accept Stapled OCSP responses

Certificate status
› OCSP stapling
› Short-Lived certs
› CDN for OCSP, CRL

Perfect Forward Secrecy
Diffie-Hellman key exchange with public parameters $g$ and $p$:
› Server: secret $a$, $A = g^a \bmod p$, $K = B^a \bmod p$
› Client: secret $b$, $B = g^b \bmod p$, $K = A^b \bmod p$

PFS performance penalties
~3200 ECDHE-RSA-AES128-GCM-SHA256 handshakes per second on Xeon 5645 with Nginx

PFS bright side / TLS False Start
[Diagram: TLS handshake between Client and Server with False Start]
Client → Server: Client Hello
Server → Client: Server Hello, Certificate, (Certificate status), Server key exchange, Server Hello Done
Client → Server: Client Key Exchange, Change Cipher Spec, Finished, GET / HTTP/1.0
Server → Client: Change Cipher Spec, (New session ticket), Finished, HTTP/1.0 200 OK
Timeline marks: 100 ms, 150 ms, 200 ms

PFS performance penalties / solutions
› Keep-alive
› SPDY
› TLS Session Reuse
› Elliptic Curve Cryptography

SPDY
› HTTP: Browser ↔ Server, 3 connections, 3 handshakes
› SPDY: Browser ↔ Server, 1 connection, 1 handshake

TLS Session Reuse
[Diagram: abbreviated TLS handshake between Client and Server]
Client → Server: Client Hello
Server → Client: Server Hello, Change Cipher Spec, (New session ticket), Finished
Client → Server: Change Cipher Spec, Finished, GET / HTTP/1.0
Timeline marks: 100 ms, 150 ms, 200 ms, 250 ms

TLS Session Reuse (Session IDs)
[Diagram labels: Client Hello with Client random, Ciphers, Session ID; Client holds Session ID and Session key; Server holds Session ID with a table of Keys]
│ Session IDs (RFC 5246)
› Stateful
› SSL 3.0+

TLS Session Reuse (Session Tickets)
[Diagram labels: Client Hello with Ciphers, Random, TLS Ticket; TLS Ticket made of Key ID, IV, Enc. State, MAC; Server holds Ticket key; Client holds TLS Ticket and Session key]
│ Session Tickets (RFC 5077)
› Stateless
› TLS 1.0+
* Only Firefox and Chromium

Elliptic Curve Cryptography
› ECDHE vs EDH
› ECC certificates
~6300 ECDHE-ECDSA-AES128-GCM-SHA256 handshakes per second on Xeon 5645 with Nginx
* No ECDSA support in Windows XP < SP3

SHA-1 sunsetting
│ No SHA-256 support in Windows XP < SP3

ECC and RSA / Dual certs
› ECC + SHA-256 for modern clients
› RSA + SHA-1 for old clients

Content Security Policy for mixed content detection
│Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
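The report-only policy above only helps if the reports sent to /csp-report are turned into a fix list. The following is an added example, not code from the talk: it counts plain-HTTP loads per page, directive and host. The function name, the example.test hosts and the sample reports are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

def _report(page, blocked, directive):
    """Build one constructed report body in the JSON shape browsers POST to report-uri."""
    return json.dumps({"csp-report": {"document-uri": page,
                                      "blocked-uri": blocked,
                                      "violated-directive": directive}})

# Constructed sample input (hosts and paths are hypothetical).
SAMPLE_REPORTS = [
    _report("https://www.example.test/search?q=1", "http://static.example.test/old.js",
            "script-src https: 'unsafe-eval' 'unsafe-inline'"),
    _report("https://www.example.test/search?q=2", "http://static.example.test/old.js",
            "script-src https: 'unsafe-eval' 'unsafe-inline'"),
    _report("https://www.example.test/maps", "http://img.example.test/p.png",
            "img-src https: data:"),
    _report("https://www.example.test/maps", "inline", "default-src https:"),
    "not json",
]

def mixed_content_findings(raw_reports):
    """Count plain-HTTP loads per (page path, directive, blocked host)."""
    findings = Counter()
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            blocked = urlsplit(report["blocked-uri"])
            page = urlsplit(report["document-uri"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed body or a POST that is not a CSP report
        # Keywords such as "inline", "eval" or "data" have no http scheme: not mixed content.
        if blocked.scheme != "http" or not blocked.hostname:
            continue
        directive = report.get("effective-directive") or report.get("violated-directive") or ""
        name = directive.split()[0] if directive.split() else "unknown"
        findings[(page.path or "/", name, blocked.hostname)] += 1
    return findings

if __name__ == "__main__":
    for (path, directive, host), count in mixed_content_findings(SAMPLE_REPORTS).most_common():
        print(f"{count:3d}  {path}  {directive}  http://{host}")
```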

Secure Cookies
│Set-Cookie: session=124567; HttpOnly; Secure;
![Page 31: Как мы делали TLS в Яндексе. Эльдар Заитов](https://reader034.fdocuments.in/reader034/viewer/2022042506/55892fe9d8b42a57608b4620/html5/thumbnails/31.jpg)
HTTP Strict Transport Security
│Strict-Transport-Security: max-age=31536000; includeSubdomains;
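A check for the Secure Cookies and Strict Transport Security slides, as an added example that is not code from the talk: it audits a list of response headers for cookies without Secure or HttpOnly and for a missing or weak HSTS header. The function names, the 180-day minimum max-age and the weak sample headers are assumptions made for illustration.

```python
def parse_directives(value):
    """Split 'a=1; b; c=2' into {'a': '1', 'b': '', 'c': '2'} with lowercase keys."""
    out = {}
    for part in value.split(";"):
        if part.strip():
            key, _, val = part.strip().partition("=")
            out.setdefault(key.strip().lower(), val.strip().strip('"'))
    return out

def audit_https_headers(headers, min_hsts_age=15552000):
    """Return findings for response headers given as (name, value) pairs.

    min_hsts_age is an assumed threshold (180 days), not a value from the talk.
    """
    findings, hsts_seen = [], False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = parse_directives(value.partition(";")[2])
            for flag in ("secure", "httponly"):
                if flag not in attrs:
                    findings.append(f"cookie {cookie_name}: missing {flag}")
        elif lname == "strict-transport-security" and not hsts_seen:
            hsts_seen = True  # RFC 6797: only the first HSTS header field is processed
            directives = parse_directives(value)
            age = directives.get("max-age", "")
            if not age.isdigit():
                findings.append("hsts: max-age missing or invalid")
            elif int(age) < min_hsts_age:
                findings.append(f"hsts: max-age {age} below {min_hsts_age}")
            if "includesubdomains" not in directives:
                findings.append("hsts: includeSubDomains not set")
    if not hsts_seen:
        findings.append("hsts: header missing")
    return findings

# Header values as shown on the slides.
SLIDE_HEADERS = [
    ("Set-Cookie", "session=124567; HttpOnly; Secure;"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubdomains;"),
]
# Constructed weak configuration for comparison.
WEAK_HEADERS = [
    ("Set-Cookie", "session=124567; Path=/"),
    ("Set-Cookie", "lang=en; Secure"),
    ("Strict-Transport-Security", "max-age=0"),
]

if __name__ == "__main__":
    print(audit_https_headers(SLIDE_HEADERS))
    print(audit_https_headers(WEAK_HEADERS))
```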

Fix website URL in Yandex.Webmaster
│ Yandex Spider supports most modern ciphers and protocols

Configure HTTPS properly
› TLS 1.2
› PFS with AEAD ciphers
› ECC for key exchange and certificates
› Session Resumption
› Secure Cookies
› Strict Transport Security

Thank you for your attention! Questions?