SSL, We Used to Know (YOU)
By Jacky Alciné
I'm Jacky.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2196770/red_gradient_400.png)
I work at
I live in Oakland tho.
https://jacky.wtf
use:
encrypt everything
What is SSL?
SSL
Secure
Sockets
Layer
Developed by Netscape!
About 6 months younger than me!
Wait, HOW OLD?
Eventually
SSL DIED.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202757/cant-do-it.gif)
It's like that sometimes.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202780/save-alfred-crying.gif)
Protocols come and go. Anyone remember ICQ?
What to expect?
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202805/Screenshot_2016-02-03_18.05.41.png)
I HAZ WEBSEC!
We know the person who gave Slides this SSL certificate. And it's using SHA256 (good stuff)
Elliptic-curve key, AES encryption
TLS 1.freaking.2!!
A TLS CERT
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202830/Screenshot_2016-02-03_18.19.42.png)
A human-readable format.
A TLS CERT
A less-than-human readable format.
-----BEGIN CERTIFICATE----- (Base64-encoded certificate body) -----END CERTIFICATE-----
Here comes
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202765/birdman-hand-rub-eagle.gif)
Transport
layer
security
TLS uses...
Symmetric Encryption
Public Key Cryptography (we know who you are)
Every Message is MAC'd (no phonies)
Forward Secrecy (everything's legit)
Certificate pinning
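Most of the items on the slide above are visible in the cipher suite name a TLS 1.2 connection negotiates. The Node.js code below is an added example, not part of the original talk: `describeSuite`, `withoutForwardSecrecy` and the sample list are hypothetical names, and the input is assumed to be IANA-style TLS 1.2 suite names.

```javascript
// Added example: map an IANA TLS 1.2 cipher suite name onto the slide's list.
// Assumes names shaped TLS_<handshake>_WITH_<cipher>_<hash>; CCM suites
// (which may omit the hash suffix) are out of scope here.
function describeSuite(name) {
  const m = /^TLS_(.+)_WITH_(.+)_([A-Z0-9]+)$/.exec(name);
  if (!m) throw new Error(`not a TLS 1.2 suite name: ${name}`);
  const [, handshake, cipher, hash] = m;
  // "ECDHE_RSA" = key exchange + certificate key type; a lone "RSA" does both.
  const [keyExchange, authentication = keyExchange] = handshake.split('_');
  // AEAD ciphers authenticate each record themselves; otherwise an HMAC
  // built on the named hash protects the record ("SHA" means SHA-1).
  const aead = /GCM|POLY1305/.test(cipher);
  const mac = hash === 'SHA' ? 'SHA1' : hash;
  return {
    keyExchange,                    // how the session key is agreed
    authentication,                 // public key crypto: who the server is
    symmetricCipher: cipher,        // bulk encryption of the traffic
    integrity: aead ? 'AEAD tag' : `HMAC-${mac}`,
    // Only ephemeral (EC)DHE key exchange gives forward secrecy.
    forwardSecrecy: keyExchange === 'ECDHE' || keyExchange === 'DHE',
  };
}

// Return the suites from a list that do not provide forward secrecy.
function withoutForwardSecrecy(names) {
  return names.filter((n) => !describeSuite(n).forwardSecrecy);
}

// Constructed sample list (real suite names, not taken from the talk).
const SAMPLE_SUITES = [
  'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
  'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
  'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
  'TLS_RSA_WITH_AES_128_CBC_SHA',
];

for (const s of SAMPLE_SUITES) console.log(s, describeSuite(s));
console.log('no forward secrecy:', withoutForwardSecrecy(SAMPLE_SUITES));
```

In Node, `socket.getCipher().standardName` on a connected `tls.TLSSocket` yields a name in this form.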
THE FUTURE!!!1
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202795/doggy-explosion.gif)
No puppies were harmed in this GIF. Srsly.
COMMON
HTTP Layer
TLS 1.2 used by server
GZIP
Minification
EXPECTED
HTTP/2. Dassit.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202800/hPwa8.gif)
HTTP/2
- Used to be SPDY (Google)
- Picked up by NGINX
- Twitter uses it (I THINK)
- ... HTTP's future
![](https://s3.amazonaws.com/media-p.slid.es/uploads/444780/images/2202859/iron_man_mark_ii_fail.gif)
DASSIT.
This talk was presented at WaffleJS Feb 3, 2016. It provides a short story as to why SSL was created & deprecated, the use of TLS to replace it and how HTTP/2 incorporates security by default.