SSL, We Used to Know (YOU)
By Jacky Alciné
I'm Jacky.
I work at
I live in Oakland tho.
https://jacky.wtf
use:
encrypt everything
What is SSL?
SSL: Secure Sockets Layer
Developed by Netscape!
About 6 months younger than me!
Wait, HOW OLD?
Eventually
SSL DIED.
It's like that sometimes.
Protocols come and go. Anyone remember ICQ?
what to expect?
I HAZ WEBSEC!
We know the person who gave Slides this SSL certificate. And it's using SHA256 (good stuff)
Elliptic-curve key, AES encryption
TLS 1.freaking.2!!
A TLS CERT
A human-readable format.
A TLS CERT
A less-than-human readable format.
Here comes Transport Layer Security
TLS uses...
Symmetric Encryption
Public Key Cryptography (we know who you are)
Every Message is MAC'd (no phonies)
Forward Secrecy (everything's legit)
Certificate pinning
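As an added example (not part of the original slides), this Python check maps a negotiated connection onto the properties listed above: protocol version, forward secrecy, symmetric cipher strength and how messages are integrity-protected. The function names and the sample cipher names are assumptions constructed for illustration; `probe()` needs network access and is not run by default.

```python
import socket
import ssl

# OpenSSL cipher-name prefixes whose key exchange is ephemeral (forward secrecy).
EPHEMERAL_KX = ("ECDHE-", "DHE-")
# Substrings of OpenSSL cipher names that mark broken or export-grade encryption.
WEAK_MARKERS = ("RC4", "DES-CBC", "NULL", "EXP-")
# Substrings that mark AEAD modes (encryption and integrity in one primitive).
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def describe(version, cipher_name):
    """Summarise one connection.

    version     -- ssl.SSLSocket.version(), e.g. "TLSv1.2"
    cipher_name -- first element of ssl.SSLSocket.cipher()
    """
    # TLS 1.3 suites are named TLS_*; a full 1.3 handshake always uses (EC)DHE.
    tls13 = cipher_name.startswith("TLS_")
    aead = any(m in cipher_name for m in AEAD_MARKERS)
    return {
        "protocol_ok": version in ("TLSv1.2", "TLSv1.3"),
        "forward_secrecy": tls13 or cipher_name.startswith(EPHEMERAL_KX),
        "weak_cipher": any(m in cipher_name for m in WEAK_MARKERS),
        # Non-AEAD suites authenticate each record with a separate HMAC.
        "integrity": "AEAD" if aead else "HMAC",
    }


def probe(host, port=443, timeout=5):
    """Connect to host and describe what was actually negotiated."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return describe(tls.version(), tls.cipher()[0])


# Constructed sample inputs, not captured from any real server.
SAMPLES = [
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-SHA"),
    ("SSLv3", "RC4-MD5"),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for version, name in SAMPLES:
        print(version, name, describe(version, name))
```

The second sample is the case worth noticing: TLS 1.2 is negotiated, yet the static RSA key exchange means there is no forward secrecy.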
THE FUTURE!!!1
No puppies were harmed in this GIF. Srsly.
COMMON
HTTP Layer
TLS 1.2 used by server
GZIP
Minification
EXPECTED
HTTP/2. Dassit.
HTTP/2
- Used to be SPDY (Google)
- Picked up by NGINX
- Twitter uses it (I THINK)
- ... HTTP's future
DASSIT.
This talk was presented at WaffleJS Feb 3, 2016. It provides a short story as to why SSL was created & deprecated, the use of TLS to replace it and how HTTP/2 incorporates security by default.