Ever wondered what goes on when you type https://www.google.com/ inside your browser’s address bar?
HTTPS
is the application of TLS (Transport Layer Security)
on top of the HTTP protocol.
TLS is a protocol (really a set of protocols) that facilitates
secure communication between computers.
https://datatracker.ietf.org/doc/html/rfc5246
SSL / TLS history
• 1995: SSL (Secure Socket Layer) 1.0
• 1998: TLS (Transport Layer Security) 1.0
• 2006: TLS 1.1
• 2008: TLS 1.2
  • Support for more secure hashes
• 2018: TLS 1.3
A protocol to ensure secure communication over insecure channels
…but people still talk about SSL, mutual SSL, etc.?
It’s actually TLS now, but SSL is the name people are used to
Types of encryption
• Symmetric encryption
• Asymmetric encryption
• Hashing
Basic steps connecting with https
• Client sends encryption (cipher) options and random data
• Server sends chosen cipher, random data and its certificate
• Both parties generate and exchange asymmetric keys
• Both parties calculate symmetric keys using the asymmetric keys
• Data exchange happens using symmetric encryption! (why?)
https://www.cryptologie.net/article/340/tls-pre-master-secrets-and-master-secrets/
Key exchange:
• Diffie-Hellman
• RSA
Diagram (HTTPS overview, client and server): the server sends its certificate; the client validates the certificate and checks its digital signature; the client encrypts with the public key (or uses DH) and the server decrypts with the private key (or DH); both sides generate the symmetric key; the data is protected with AES encryption.
“Client Hello” (client → server)
16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13
14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0
14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61
6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08
00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06
03 02 01 02 03 ff 01 00 01 00 00 12 00 00
Record header
• 16 - type is 0x16 (handshake record)
• 03 03 - protocol version is 3.3 (also known as TLS 1.2)
• 00 a5 - 0xA5 (165) bytes of handshake message follows
Handshake header
• 01 - handshake message type 0x01 ("client hello")
• 00 00 a1 - 0xA1 (161) bytes of client hello follows
Client version
• 03 03 - protocol version is 3.3 (also known as TLS 1.2)
“Client Hello” (continued)
Client Random
32 bytes of random data
“Client Hello” (continued)
Cipher suites
• 00 20 - 0x20 (32) bytes of cipher suite data
• cc a8 - assigned value for TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
• cc a9 - assigned value for TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
• c0 2f - assigned value for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• c0 13 - assigned value for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• c0 13 - selected cipher suite (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
Anatomy of the cipher suite name:
• ECDHE: Elliptic Curve Diffie-Hellman Exchange (key exchange)
• RSA: asymmetric cipher
• AES_128_CBC: symmetric cipher
• SHA256: hashing algorithm
Symmetric key exchange (Diffie-Hellman): Whitfield Diffie and Martin Hellman
“Client Hello” (continued)
DER extensions
• Signature algorithms
• Renegotiation info
• EC Point formats
• Supported Groups
• Server name
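The byte-by-byte walk above becomes concrete when you decode the record in code. The parser below is an added example written for this page, not code from the deck: it decodes the slide's ClientHello (record header, handshake header, client version, random, cipher suites, extensions, SNI) and rejects a record whose length fields disagree with the data, which is the check a server has to make before trusting any of the fields. The suite-name table follows the IANA registry, which lists 0xc013 as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA and 0xc027 as the SHA256 variant.

```python
# The slide's ClientHello bytes, with the 32-byte client random 00 01 .. 1f.
CLIENT_HELLO_HEX = """
16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13
14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0
14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61
6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08
00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06
03 02 01 02 03 ff 01 00 01 00 00 12 00 00
"""
CLIENT_HELLO = bytes.fromhex(CLIENT_HELLO_HEX)

# IANA names for the suites the slide singles out; 0xc013 is the HMAC-SHA1 CBC suite.
CIPHER_SUITE_NAMES = {
    0xcca8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xcca9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xc02f: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xc013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xc027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
}

class TLSParseError(ValueError):
    """A length field disagrees with the bytes actually present."""

def _uint(buf, pos, width):
    """Big-endian unsigned integer of `width` bytes at `pos`; returns (value, new_pos)."""
    if pos + width > len(buf):
        raise TLSParseError(f"truncated: need {width} byte(s) at offset {pos}")
    return int.from_bytes(buf[pos:pos + width], "big"), pos + width

def _vector(buf, pos, length_width):
    """Length-prefixed byte string (a TLS <0..2^n-1> vector); returns (bytes, new_pos)."""
    length, pos = _uint(buf, pos, length_width)
    if pos + length > len(buf):
        raise TLSParseError(f"truncated: vector of {length} byte(s) at offset {pos}")
    return buf[pos:pos + length], pos + length

def parse_client_hello(record):
    """Decode one TLS record carrying a ClientHello, checking every length field."""
    content_type, pos = _uint(record, 0, 1)
    if content_type != 0x16:
        raise TLSParseError(f"not a handshake record: content type 0x{content_type:02x}")
    record_version, pos = _uint(record, pos, 2)
    body, pos = _vector(record, pos, 2)          # record header: 2-byte length
    if pos != len(record):
        raise TLSParseError("trailing bytes after the record")
    hs_type, p = _uint(body, 0, 1)
    if hs_type != 0x01:
        raise TLSParseError(f"not a ClientHello: handshake type 0x{hs_type:02x}")
    hello, p = _vector(body, p, 3)               # handshake header: 3-byte length
    if p != len(body):
        raise TLSParseError("handshake length disagrees with record length")
    client_version, p = _uint(hello, 0, 2)
    client_random, p = hello[p:p + 32], p + 32   # fixed 32 bytes, no length prefix
    if len(client_random) != 32:
        raise TLSParseError("client random shorter than 32 bytes")
    session_id, p = _vector(hello, p, 1)
    suites, p = _vector(hello, p, 2)
    if len(suites) % 2:
        raise TLSParseError("cipher suite list has odd length")
    cipher_suites = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    compression, p = _vector(hello, p, 1)
    ext_data, p = _vector(hello, p, 2)
    if p != len(hello):
        raise TLSParseError("trailing bytes after the extensions")
    extensions, q = [], 0
    while q < len(ext_data):                     # each extension: 2-byte type, 2-byte length, data
        ext_type, q = _uint(ext_data, q, 2)
        payload, q = _vector(ext_data, q, 2)
        extensions.append((ext_type, payload))
    return {"record_version": record_version, "record_length": len(body),
            "handshake_length": len(hello), "client_version": client_version,
            "client_random": client_random, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression_methods": compression,
            "extensions": extensions}

def server_name(extensions):
    """Host name from the server_name (SNI) extension, or None when absent."""
    for ext_type, payload in extensions:
        if ext_type != 0x0000:
            continue
        names, _ = _vector(payload, 0, 2)
        q = 0
        while q < len(names):
            name_type, q = _uint(names, q, 1)
            host, q = _vector(names, q, 2)
            if name_type == 0:                   # 0 = host_name
                return host.decode("ascii")
    return None

def is_well_formed(record):
    try:
        parse_client_hello(record)
        return True
    except TLSParseError:
        return False

if __name__ == "__main__":
    hello = parse_client_hello(CLIENT_HELLO)
    print(f"TLS 0x{hello['client_version']:04x}, SNI {server_name(hello['extensions'])}")
    print(*(f"0x{s:04x} {CIPHER_SUITE_NAMES.get(s, '?')}" for s in hello["cipher_suites"]), sep="\n")
```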
“Server Hello” (server → client)
16 03 03 00 31 02 00 00 2d 03 03 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87
88 89 8a 8b 8c 8d 8e 8f 00 c0 13 00 00 05
Server Random
32 bytes of random data
Chosen cipher suite
(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
“Server Certificate” (server → client)
Client verifies this certificate using its truststore
“Server Key Exchange” (server → client)
• Record Header
• Handshake Header (0c == server key exchange)
• Curve info: curve x25519
• Public key: 32 bytes (NOT the certificate’s public key but an ephemeral key)
• Signature: signed with the certificate’s private key, over the following data:
  • client_hello_random
  • server_hello_random
  • curve_info (curve x25519)
  • public_key (above)
Generate private / public key pair
Private key: 490AF345983BC405989052850984324
Public key: 655894509864096t5860985230958093
“Server Hello done” (server → client)
• Record Header
• Handshake Header (0e == server hello done)
Now, it’s the client’s turn
“Client Key Exchange” (client → server)
• Record Header
• Handshake Header (10 == client key exchange)
• Public key: 32 bytes (NOT the certificate’s public key but an ephemeral (or volatile) key)
Generate private / public key pair
Encryption keys calculation (client side)
Using:
• server random (from Server Hello)
• client random (from Client Hello)
• server public key (from Server Key Exchange)
• client private key (from Client Key Generation)
PreMasterSecret = (server public key * client private key)
MasterSecret = x
Client will generate the following values:
• client MAC key: 1b7d117c7d5f690bc263cae8ef60af0f1878acc2
• server MAC key: 2ad8bdd8c601a617126f63540eb20906f781fad2
• client write key: f656d037b173ef3e11169f27231a84b6
• server write key: 752a18e7a9fcb7cbcdd8f98dd8f769eb
• client write IV: a0d2550c9238eebfef5c32251abb67d6
• server write IV: 434528db4937d540d393135e06a11b
Encryption keys calculation (server side)
Using:
• server random (from Server Hello)
• client random (from Client Hello)
• client public key (from Client Key Exchange)
• server private key (from Server Key Generation)
PreMasterSecret = (client public key * server private key)
The server derives the same values as the client:
• client MAC key: 1b7d117c7d5f690bc263cae8ef60af0f1878acc2
• server MAC key: 2ad8bdd8c601a617126f63540eb20906f781fad2
• client write key: f656d037b173ef3e11169f27231a84b6
• server write key: 752a18e7a9fcb7cbcdd8f98dd8f769eb
• client write IV: a0d2550c9238eebfef5c32251abb67d6
• server write IV: 434528db4937d540d393135e06a11b
“Change Cipher Spec” (client → server)
14 03 03 00 01 01
Change Cipher Spec, all subsequent messages will be encrypted
“Handshake finished” (client → server)
• Record header (16)
• Client write IV
• Encrypted data
  • Hash of all handshake messages
  • Encrypted with the symmetric client write key (AES128-CBC)
The server can use this to verify that the generated keys are actually correct
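The key calculation slides above and the Finished message just described, carried out on both sides as an added example (not the deck's code): a pure-Python X25519 exchange produces the PreMasterSecret, the TLS 1.2 PRF (RFC 5246) turns it into the MasterSecret and the key block, the block is split into the six values the slides list, and the same PRF produces the verify_data of the Finished message from the hash of the handshake messages. The randoms are the slide's (00..1f and 70..8f); the private scalars are constructed sample values; the MAC keys are 20 bytes, the HMAC-SHA1 size of the values shown on the slide (an HMAC-SHA256 suite would use 32).

```python
import hashlib
import hmac

# X25519 (RFC 7748) in pure Python so that the example needs only the standard library.
P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")

def _clamp(private_key: bytes) -> int:
    """Scalar clamping required for X25519 private keys."""
    k = bytearray(private_key)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(private_key: bytes, peer_u: bytes) -> bytes:
    """Montgomery ladder: private scalar times the peer's u-coordinate (32 LE bytes)."""
    k = _clamp(private_key)
    x1 = int.from_bytes(peer_u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def x25519_public(private_key: bytes) -> bytes:
    """The ephemeral public key sent in the Client / Server Key Exchange message."""
    return x25519(private_key, BASE_POINT)

def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # P_hash block i
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """MasterSecret = PRF(PreMasterSecret, "master secret", client random + server random), 48 bytes."""
    return prf_sha256(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 20, key_len: int = 16, iv_len: int = 16) -> dict:
    """Expand the master secret and split it in the order of RFC 5246 section 6.3."""
    # note: the seed here is server random + client random, the reverse of the master secret
    total = 2 * (mac_len + key_len + iv_len)
    block = prf_sha256(master, b"key expansion", server_random + client_random, total)
    layout = [("client MAC key", mac_len), ("server MAC key", mac_len),
              ("client write key", key_len), ("server write key", key_len),
              ("client write IV", iv_len), ("server write IV", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def finished_verify_data(master: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data of Finished: PRF(master, label, SHA256(all handshake messages)), 12 bytes."""
    return prf_sha256(master, label, hashlib.sha256(handshake_messages).digest(), 12)

CLIENT_RANDOM = bytes(range(0x00, 0x20))   # the slide's Client Hello random 00 01 .. 1f
SERVER_RANDOM = bytes(range(0x70, 0x90))   # the slide's Server Hello random 70 71 .. 8f
# constructed sample private scalars (a real implementation draws fresh random ones)
CLIENT_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
SERVER_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")

def derive_both():
    """Run the calculation as the client and as the server; the two results must match."""
    client_pub = x25519_public(CLIENT_PRIV)               # sent in Client Key Exchange
    server_pub = x25519_public(SERVER_PRIV)               # sent in Server Key Exchange
    pre_master_client = x25519(CLIENT_PRIV, server_pub)   # server public * client private
    pre_master_server = x25519(SERVER_PRIV, client_pub)   # client public * server private
    master_client = master_secret(pre_master_client, CLIENT_RANDOM, SERVER_RANDOM)
    master_server = master_secret(pre_master_server, CLIENT_RANDOM, SERVER_RANDOM)
    return (key_block(master_client, CLIENT_RANDOM, SERVER_RANDOM),
            key_block(master_server, CLIENT_RANDOM, SERVER_RANDOM))

if __name__ == "__main__":
    client_keys, server_keys = derive_both()
    for name, value in client_keys.items():
        print(f"{name}: {value.hex()}  (server agrees: {server_keys[name] == value})")
```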
Electronic Codebook (ECB) mode: equal plaintext blocks give equal ciphertext blocks
“MiniConf MiniConf MiniConf” → “12345678 12345678 12345678”
Cipher Block Chaining (CBC) mode: blocks are chained together, starting from an IV
“Change Cipher Spec” (server → client)
14 03 03 00 01 01
Change Cipher Spec, all subsequent messages will be encrypted
“Handshake finished” (server → client)
• Record header (16)
• Server write IV
• Encrypted data
  • Hash of all handshake messages
  • Encrypted with the symmetric server write key (AES128-CBC)
The client can use this to verify that the generated keys are actually correct
“Application Data” (client → server)
• Record header (17 – application data)
• Client write IV
• Encrypted data (CBC)
“Ping” → encrypt using the client write key → “0034F527AF085A” → decrypt using the client write key → “Ping”
“Application Data” (server → client)
• Record header (17 – application data)
• Server write IV
• Encrypted data
“Pong” → encrypt using the server write key → “1243FBC38F4E2A” → decrypt using the server write key → “Pong”
So what happens when using mutual SSL?
“Server Certificate” (server → client)
Client verifies this certificate using its truststore
“Client Certificate” (client → server)
Server verifies this certificate using its truststore
Common errors and solutions
java.security.SecurityException:
Handshake failed
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
Common problems
Either the client did not receive a certificate, or the server did not receive the client’s certificate
Make sure both sides have a configured keystore and a configured certificate alias
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target
Common problems
The certificate is self-signed, or the certificate’s CA is not in the truststore
Have a truststore that contains the certificate’s CA
Exception in thread "main" java.net.SocketException: Software caused connection abort:
recv failed
Common problems
In mutual SSL / TLS, the client certificate is not set up
Configure a keystore on the client containing the correct certificate
Exception in thread "main" javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No name matching (localhost) found
Common problems
The client received a certificate with a CN that does not match the server’s domain
The server should have a certificate installed that matches the domain.
Exception in thread "main" javax.net.ssl.SSLHandshakeException: No appropriate protocol
(protocol is disabled or cipher suites are inappropriate)
Common problems
The client and server do not share at least one protocol version, or do not share at least one cipher suite
The client and server should have common protocols and cipher suites configured.
@MichelSchudel

Atonomy of-a-tls-handshake-mini-conferentie

  • 1.
  • 2. Ever wondered what goes on when you type https://www.google.com/ Inside your browser’s adress bar?
  • 3. HTTPS Is the application of TLS (Transport Layer Security) on the http protocol TLS is (a set) of procotol(s) that facilitate secure communication between computers https://datatracker.ietf.org/doc/html/rfc5246
  • 4. SSL /TLS history • 1995: SSL (Secure Socket Layer) 1.0 • 1998: TLS (Transport Security Layer) 1.0 • 2006 TLS 1.1 • 2008: TLS 1.2 • Support for more secure hashes • 2018: TLS 1.3 A protcol to ensure secure communication over unsecure channels
  • 5. …but people still talk about SSL, mutual SSL etc? It’s actually TLS now, but SSL is the name people are used to
  • 6. Types of encryption • Symmetric encryption • Asymmetric encryption • Hashing (strictly speaking not encryption, but the third building block TLS relies on)
  • 7. Basic steps connecting with HTTPS • Client sends its encryption (cipher) options and random data • Server sends the chosen cipher, random data and its certificate • Both parties generate and exchange (ephemeral) asymmetric keys • Both parties calculate the same symmetric keys from those asymmetric keys • Data exchange happens using symmetric encryption! (why? symmetric ciphers are orders of magnitude faster than asymmetric ones, so the asymmetric part is only used to agree on the key)
  • 8. https://www.cryptologie.net/article/340/tls-pre-master-secrets-and-master-secrets/ Key exchange options: • Diffie-Hellman • RSA Flow: Server sends certificate → Client validates the certificate (checks the digital signature) → Client encrypts with the server’s public key (RSA) or runs DH → Server decrypts with its private key (RSA) or runs DH → Both generate the symmetric key → AES encryption in both directions = HTTPS
  • 9.
  • 10. Server Client “Client Hello” 16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0 14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 Record header • 16 - type is 0x16 (handshake record) • 03 03 - protocol version is 3.3 (also known as TLS 1.2) • 00 a5 - 0xA5 (165) bytes of handshake message follow Handshake header • 01 - handshake message type 0x01 ("client hello") • 00 00 a1 - 0xA1 (161) bytes of client hello follow (4 bytes of handshake header + 161 = 165, so the two lengths agree) Client version • 03 03 - protocol version is 3.3 (also known as TLS 1.2)
  • 11. Server Client “Client Hello” 16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0 14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 Client Random: 32 bytes of random data (in this illustrative capture they are simply 00..1f; a real client fills them from a CSPRNG, and they later feed into the key derivation)
  • 12. Server Client “Client Hello” 16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0 14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 Cipher suites • 00 20 - 0x20 (32) bytes of cipher suite data follow: 16 suites of 2 bytes each, in the client’s order of preference • cc a8 - assigned value for TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 • cc a9 - assigned value for TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 • c0 2f - assigned value for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 • c0 13 - assigned value for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (the record MAC is HMAC-SHA1; the SHA256 variant of this suite has value c0 27)
  • 13. c0 13 - Selected Cipher Suite (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), read from left to right: • ECDHE: the key exchange, Elliptic Curve Diffie-Hellman Ephemeral • RSA: the asymmetric cipher, used to sign the key exchange and so authenticate the server • AES_128_CBC: the symmetric cipher for the application data • SHA: the hashing algorithm (HMAC-SHA1 for the record MAC; the TLS 1.2 PRF uses SHA-256)
  • 16.
  • 17. Server Client “Client Hello” 16 03 03 00 a5 01 00 00 a1 03 03 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 00 00 20 cc a8 cc a9 c0 2f c0 30 c0 2b c0 2c c0 13 c0 09 c0 14 c0 0a 00 9c 00 9d 00 2f 00 35 c0 12 00 0a 01 00 00 58 00 00 00 18 00 16 00 00 13 65 78 61 6d 70 6c 65 2e 75 6c 66 68 65 69 6d 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 12 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 Extensions (00 58 - 0x58 (88) bytes of TLS extensions, each encoded as type, length, data; these are TLS extensions, not DER) • Server name (SNI: example.ulfheim.net) • Supported groups (x25519, secp256r1, secp384r1, secp521r1) • EC point formats • Signature algorithms • Renegotiation info (the bytes also carry status_request and signed_certificate_timestamp, not listed on the slide)
  • 18. Server Client “Server Hello” 16 03 03 00 31 02 00 00 2d 03 03 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 00 c0 13 00 00 05 Record header (16 = handshake, 03 03 = TLS 1.2, 00 31 = 49 bytes follow) Handshake header (02 = server hello, 00 00 2d = 45 bytes follow) Server version 03 03 Server Random: 32 bytes of random data (70..8f here) Session ID length 00 Chosen cipher suite: c0 13 (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, one of the 16 the client offered) Compression method 00 Extensions length 00 05 (the 5 extension bytes themselves are cut off on the slide)
  • 19. Server Client “Server Certificate” Client verifies this certificate using its truststore (is the chain signed by a trusted CA, is it still within its validity period, and does the name match the host it connected to)
  • 20.
  • 21. Server Client “Server Key Exchange” • Record Header • Handshake Header (0c == server key exchange) • Curve info: curve x25519 • Public key: 32 bytes (NOT the certificate’s public key but an ephemeral key, freshly generated for this connection) • Signature: made with the certificate’s private key over: • client_hello_random • server_hello_random • curve_info (curve x25519) • public_key (above) The signature binds the ephemeral key to the certificate and to this handshake’s randoms, so a man in the middle cannot substitute its own key. Generate private / public key pair (illustrative placeholders) Private key: 490AF345983BC405989052850984324 Public key: 655894509864096t5860985230958093
  • 22. Server Client “Server Hello done” • Record Header • Handshake Header (0e == server hello done)
  • 23. Now, it’s the client’s turn
  • 24. Server Client “Client Key Exchange” • Record Header • Handshake Header (10 == client key exchange) • Public key: 32 bytes (NOT the certificate’s public key but an ephemeral (or volatile) key) Generate private / public key pair
  • 25. Server Client Encryption keys calculation (client side) Using: • server random (from Server Hello) • client random (from Client Hello) • server public key (from Server Key Exchange) • client private key (from Client Key Generation) PreMasterSecret = ECDH(client private key, server public key), i.e. the x-coordinate of (client private key × server public key) MasterSecret = PRF(PreMasterSecret, "master secret", client random + server random), 48 bytes Key block = PRF(MasterSecret, "key expansion", server random + client random), split into the following values: •client MAC key (20 bytes, HMAC-SHA1): 1b7d117c7d5f690bc263cae8ef60af0f1878acc2 •server MAC key: 2ad8bdd8c601a617126f63540eb20906f781fad2 •client write key (16 bytes, AES-128): f656d037b173ef3e11169f27231a84b6 •server write key: 752a18e7a9fcb7cbcdd8f98dd8f769eb •client write IV: a0d2550c9238eebfef5c32251abb67d6 •server write IV: 434528db4937d540d393135e06a11b
  • 26. Server Client Encryption keys calculation (server side) Using: • server random (from Server Hello) • client random (from Client Hello) • client public key (from Client Key Exchange) • server private key (from Server Key Generation) PreMasterSecret = ECDH(server private key, client public key): the same point as on the client side, because client private × server public = server private × client public. MasterSecret and the key block follow by the same PRF, so the server ends up with exactly the same six values: •client MAC key: 1b7d117c7d5f690bc263cae8ef60af0f1878acc2 •server MAC key: 2ad8bdd8c601a617126f63540eb20906f781fad2 •client write key: f656d037b173ef3e11169f27231a84b6 •server write key: 752a18e7a9fcb7cbcdd8f98dd8f769eb •client write IV: a0d2550c9238eebfef5c32251abb67d6 •server write IV: 434528db4937d540d393135e06a11b None of these keys is ever sent over the wire; only the two ephemeral public keys were.
  • 27. Server Client “Change Cipher Spec” 14 03 03 00 01 01 Change Cipher Spec, all subsequent messages will be encrypted
  • 28. Server Client “Handshake finished” • Record header (16) • Client write IV (explicit, per record) • Encrypted data: the Finished message’s verify_data = PRF(MasterSecret, "client finished", hash of all handshake messages so far), 12 bytes, plus its MAC • Encrypted by the symmetric client write key (AES128-CBC) The server recomputes the same value, so it can use this to verify that the generated keys are actually correct and that nobody tampered with the earlier handshake messages
  • 29. Electronic Codebook (ECB) mode: each block is encrypted on its own, so identical plaintext blocks produce identical ciphertext blocks: MiniConf MiniConf MiniConf → 12345678 12345678 12345678. That pattern leak is why TLS uses CBC (with an IV) or an AEAD mode and never ECB
  • 31. Server Client “Change Cipher Spec” (server side) 14 03 03 00 01 01 Change Cipher Spec, all subsequent messages from the server will be encrypted
  • 32. Server Client “Handshake finished” Client can use this to verify if the generated keys are actually correct • Record header (16) • Server write IV • Encrypted Data • verify_data over the hash of all handshake messages (now including the client’s Finished) • Encrypted by symmetric server write key (AES128-CBC)
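The key agreement and derivation of slides 21 through 28 carried out in code, as an added example that is not part of the original deck. X25519 is written out from RFC 7748 (Montgomery ladder) and the PRF from RFC 5246, so it runs with the standard library only. The client and server randoms are the bytes on the Client Hello and Server Hello slides (00..1f and 70..8f); the two ephemeral private keys are constructed test values taken from RFC 7748 section 6.1, not the keys behind the slide’s numbers, so the derived keys differ from the ones printed on the slide. What it shows is the point of slides 25 and 26: both sides compute the same pre-master secret from their own private key and the peer’s public key, and from there the same six keys, and the Finished value is a PRF over the transcript hash rather than a bare hash.

```python
"""Key agreement and key derivation for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(added example, not code from the original deck). X25519 per RFC 7748, PRF
per RFC 5246. Private keys are RFC 7748 test vectors, not the slide's keys."""
import hashlib
import hmac

P = 2 ** 255 - 19
BASE_POINT = (9).to_bytes(32, "little")

CLIENT_RANDOM = bytes(range(0x00, 0x20))  # from the Client Hello slide
SERVER_RANDOM = bytes(range(0x70, 0x90))  # from the Server Hello slide
# constructed ephemeral private keys (RFC 7748 section 6.1 vectors)
CLIENT_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
SERVER_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")


def x25519(scalar, u_bytes):
    """RFC 7748 X25519: scalar multiplication on Curve25519 (Montgomery ladder).
    x25519(priv, BASE_POINT) is the public key; x25519(priv, peer_pub) the shared secret."""
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp the scalar
    k = int.from_bytes(k, "little")
    u = bytearray(u_bytes); u[31] &= 127     # ignore the top bit of the u-coordinate
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


# key block layout for AES_128_CBC_SHA: HMAC-SHA1 keys, AES-128 keys, 16-byte IVs
KEY_LAYOUT = [("client_mac_key", 20), ("server_mac_key", 20),
              ("client_write_key", 16), ("server_write_key", 16),
              ("client_write_iv", 16), ("server_write_iv", 16)]


def derive_keys(pre_master_secret, client_random, server_random):
    """Slide 25/26: master secret from the pre-master secret and both randoms,
    then the key block (note the reversed random order) cut into six keys."""
    master = prf(pre_master_secret, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                sum(n for _, n in KEY_LAYOUT))
    keys, pos = {"master_secret": master}, 0
    for name, n in KEY_LAYOUT:
        keys[name], pos = block[pos:pos + n], pos + n
    return keys


def finished_verify_data(master_secret, handshake_messages, label):
    """Slide 28: verify_data = PRF(master, label, SHA-256 of all handshake
    messages so far), 12 bytes; label is b"client finished" or b"server finished"."""
    return prf(master_secret, label, hashlib.sha256(handshake_messages).digest(), 12)


def run_key_agreement(client_priv, server_priv, client_random, server_random):
    """Each side combines its own ephemeral private key with the peer's public key
    taken from the Key Exchange message; returns (client view, server view)."""
    client_pub = x25519(client_priv, BASE_POINT)  # sent in Client Key Exchange
    server_pub = x25519(server_priv, BASE_POINT)  # sent in Server Key Exchange
    client_keys = derive_keys(x25519(client_priv, server_pub), client_random, server_random)
    server_keys = derive_keys(x25519(server_priv, client_pub), client_random, server_random)
    return client_keys, server_keys
```

`run_key_agreement(CLIENT_PRIV, SERVER_PRIV, CLIENT_RANDOM, SERVER_RANDOM)` returns two identical dictionaries; change either random and every key changes, which is why the randoms are in the signature of the Server Key Exchange.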
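The ECB leak on the slide, made concrete. This is an added example, not code from the original deck. The standard library has no AES, so a small 8-byte, 4-round Feistel cipher with an HMAC-SHA256 round function stands in for the block cipher; it is a toy, but the ECB and CBC mode logic wrapped around it is the real construction, and the point is the mode, not the cipher. Key, IV and the plaintext (the slide’s repeated MiniConf block) are constructed.

```python
"""ECB vs CBC over the slide's repeating plaintext (added example, not code from
the original deck). A toy 8-byte Feistel cipher stands in for AES; the mode
logic is the real thing. KEY, IV and PLAINTEXT are constructed demo values."""
import hashlib
import hmac

BLOCK = 8      # toy block size; AES uses 16
ROUNDS = 4
KEY = bytes(range(16))                   # constructed demo key
IV = bytes.fromhex("a0d2550c9238eebf")  # constructed demo IV
PLAINTEXT = b"MiniConf" * 3             # the slide's three identical blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    """Toy Feistel block cipher: a keyed permutation of one 8-byte block."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return right + left


def block_decrypt(key, block):
    right, left = block[:BLOCK // 2], block[BLOCK // 2:]  # undo the final swap
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def pad(data):  # PKCS#7-style: always adds 1..BLOCK bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: every block on its own, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key, iv, plaintext):
    """CBC: each block is XORed with the previous ciphertext block (the IV for
    the first) before encryption, so repeats in the plaintext are hidden."""
    prev, out = iv, []
    for b in blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def distinct_blocks(ciphertext):
    """Number of different ciphertext blocks: the slide's 12345678 12345678 12345678
    pattern shows up as a low count under ECB and a full count under CBC."""
    return len(set(blocks(ciphertext)))
```

`distinct_blocks(ecb_encrypt(KEY, PLAINTEXT))` is 2 (the three MiniConf blocks collapse to one ciphertext block, plus the padding block), while `distinct_blocks(cbc_encrypt(KEY, IV, PLAINTEXT))` is 4. The IV must be unpredictable per message, which is why TLS 1.2 carries an explicit IV in every CBC record (the "client write IV" on the Finished and Application Data slides).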
  • 33.
  • 34. Server Client “Application Data” • Record header (17 – application data) • Client write IV • Encrypted Data (CBC) “Ping” “0034F527AF085A” “Ping” Encrypt using client write key Decrypt using client write key
  • 35. Server Client “Application Data” • Record header (17 – application data) • Server write IV • Encrypted Data “Pong” “1243FBC38F4E2A” “Pong” Decrypt using Server write key Encrypt using Server write key
  • 36.
  • 37. Server Client “Server Certificate” Client verifies this certificate using its truststore. So what happens when using mutual SSL (mutual TLS)? The server additionally sends a Certificate Request after its own certificate
  • 38. Server Client “Client Certificate” The client answers with its own certificate (and a Certificate Verify message: a signature over the handshake so far that proves it holds the matching private key). Server verifies this certificate using its truststore
  • 39. Common errors and solutions
  • 41. Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure Common problems Either the client did not receive a certificate, or the server did not receive the client’s certificate (handshake_failure is a generic alert; run the JVM with -Djavax.net.debug=ssl:handshake to see at which message the handshake stopped) Make sure both sides have a configured keystore and a configured certificate alias
  • 42. Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Common problems The certificate is self signed, or the certificate’s CA is not in the truststore Have a truststore that contains the certificate’s CA
  • 43. Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed Common problems In mutual SSL / TLS, the client certificate is not set up Configure a keystore on the client containing the correct certificate
  • 44. Exception in thread "main" javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching (localhost) found Common problems The client received a certificate whose name does not match the host it connected to The server should have a certificate installed whose Subject Alternative Name (or CN) matches the hostname the client uses
  • 45. Exception in thread "main" javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) Common problems The client and server do not have a single protocol version or a single cipher suite in common The client and server should have at least one protocol version and one cipher suite configured in common.
  • 46.

Editor's Notes

  1. Modern cryptography can be split into two kinds: symmetric encryption, which we will see in a bit, and asymmetric encryption, also known as public-key cryptography. Both have different properties, advantages and disadvantages, and applications.
  2. So here it all comes together! The server sends its certificate to the client, which will check the authenticity of it by verifying the digital signature using the public key of the CA certificate in its root store. With RSA key exchange the client now generates a random secret number (the pre-master secret) and encrypts it using the server’s public key; the secret number is decrypted by the server. (With the ECDHE suite shown in the slides the pre-master secret is instead derived from the two ephemeral key pairs.) Both client and server then use the selected cipher suite to generate the keys.
  3. One thing we haven’t talked about: how to exchange secret keys? You could try to exchange them in bags, diplomatic posts… but maybe there’s a better way!
  4. So, in 1976, these two cryptographers, Martin Hellman and Whitfield Diffie, found a way to get a secret key to both parties over an insecure channel while both parties are completely safe from eavesdroppers. They won the Turing award in 2015, almost 40 years too late if you ask me. Their solution is brilliant in its simplicity.
  5. This is called the Diffie-Hellman key exchange, and is an example of asymmetric (public-key) cryptography: a key agreement rather than an encryption scheme. (explain) So this is brilliant, and is still being used in the HTTPS handshake today, as an option to generate secret keys, as we will see.