
What’s Your HTTPS Grade?
A Case Study of HTTPS/SSL at Mid Michigan Community College

Brandon Kish
@kishba

About Me

• Director of Programming, Mid Michigan Community College (~4,500 students)
• Former Blackboard Administrator, Central Michigan University (~27,000 students)
• Former Moodle Administrator at MMCC
• I love web technology

@kishba

🔒 Why HTTPS?

Do you want your sensitive data traveling through a ... Man-In-The-Middle?

Man-In-The-Middle

• ISPs (injecting ads, tracking cookies/scripts)
• Verizon/AT&T
• Gogo
• Even certain employers & organizations might do

Usernames and Passwords

1. People re-use passwords
2. Institutions with LDAP likely have multiple systems that prompt for passwords

What does this have to do with Moodle?

• Don’t let Moodle be your weak link!
• Enable HTTPS on your login screen

✅ HTTPS

NOT ALL HTTPS IS EQUAL!

1. Deprecated Protocols
2. Weak Ciphers
3. Weak Certificates

1. Protocol: SSL vs. TLS

• “A cryptographic protocol by any other name would be as secure?” – Infosec Shakespeare
• SSL is dead. Long live SSL*!
  * TLS (Transport Layer Security)

Cryptography 101

• (A)lice is trying to tell (B)ob a secret, but (E)ve is listening in.
• “A communicating with B with E trying to eavesdrop”
• Alice can use the advertised key from Bob to generate gibberish, and only the private key Bob used to generate the public/advertised certificate can unlock/translate the gibberish.

2. Weak Ciphers

• Cipher = algorithm for producing (and understanding) gibberish
  ay2varjSFUMUmtvZeh9755GVyCkWHG0
• Browser and web server have to use the same cipher
• If a server accepts weak ciphers, attackers will use

Weak Ciphers (continued)

Browser (cipher suites the browser offers, as reported by https://cc.dcsec.uni-hannover.de; the key length in bits is given in parentheses where the tool reported it):

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
ECDHE-RSA-CHACHA20-POLY1305-SHA256 (128)
DHE-RSA-CHACHA20-POLY1305-SHA256 (128)
ECDHE-ECDSA-AES256-SHA256
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA256
ECDHE-ECDSA-AES128-SHA (128)
ECDHE-RSA-AES128-SHA (128)
DHE-RSA-AES128-SHA (128)
RSA-AES128-GCM-SHA256 (128)
RSA-AES256-SHA256
RSA-AES128-SHA
RSA-3DES-EDE-SHA (168)

Server (cipher suites enabled on moodle.midmich.edu, as reported by https://www.ssllabs.com/ssltest/analyze.html?d=moodle.midmich.edu):

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
ECDHE-RSA-DES-CBC3-SHA
DES-CBC3-SHA

1+2 = Downgrade attacks

• Forcing communication with a weak cipher
• Forcing communication over an older protocol
• POODLE (October 2014 variant) affected SSL 3
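As an added illustration, not code from the original slides, the following Python model shows how the browser's offer and the server's enabled list combine into one negotiated suite, why the server's preference order matters, and what removing weak suites changes. The server list is the moodle.midmich.edu list from the slide above in OpenSSL naming; the browser list and the weak-suite markers are this example's own constructed assumptions.

```python
# Added example, not part of the original slides: how a TLS cipher suite is
# picked from the browser's offer and the server's enabled list, and why
# honoring the server's order plus removing weak suites matters.

# Server list constructed from the moodle.midmich.edu suites on the slide
# (OpenSSL names); the client lists further down are constructed stand-ins.
SERVER_ENABLED = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "AES128-GCM-SHA256",
    "AES128-SHA256",
    "AES128-SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA",
    "AES256-GCM-SHA384",
    "AES256-SHA256",
    "AES256-SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
    "DES-CBC3-SHA",
]

# Substrings that mark a suite as weak or deprecated (this example's choice).
WEAK_MARKERS = ("RC4", "DES-CBC3", "3DES", "MD5", "NULL", "EXP")


def is_weak(suite):
    """True if the suite relies on an algorithm that should no longer be offered."""
    return any(marker in suite for marker in WEAK_MARKERS)


def has_forward_secrecy(suite):
    """Ephemeral key exchange (ECDHE/DHE): a later leak of the certificate's
    private key does not expose recorded sessions."""
    return suite.startswith(("ECDHE-", "DHE-"))


def negotiate(client_offer, server_enabled, honor_server_order=True):
    """Return the suite a handshake settles on, or None if there is no overlap."""
    common = [s for s in server_enabled if s in client_offer]  # server order
    if not common:
        return None
    if honor_server_order:            # Apache: SSLHonorCipherOrder on
        return common[0]
    for suite in client_offer:        # otherwise the client's first match wins
        if suite in common:
            return suite
    return None


def weak_suites(server_enabled):
    """Suites an assessment tool such as SSL Labs would flag on this server."""
    return [s for s in server_enabled if is_weak(s)]


def hardened(server_enabled):
    """The same list with weak suites removed; order is otherwise preserved."""
    return [s for s in server_enabled if not is_weak(s)]


# A client that lists 3DES first but also supports AES-GCM.
ODD_CLIENT = ["DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    print("server order honored:", negotiate(ODD_CLIENT, SERVER_ENABLED))
    print("client order honored:", negotiate(ODD_CLIENT, SERVER_ENABLED, False))
    print("weak suites enabled :", weak_suites(SERVER_ENABLED))
    print("after hardening     :", negotiate(ODD_CLIENT, hardened(SERVER_ENABLED), False))
```

With the weak suites still enabled, a client that happens to list them first gets them whenever the server does not enforce its own order; once they are removed, that client is steered to AES-GCM, and a client that supports nothing else simply cannot connect.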

3. Weak Certificates

• The public key, certificate, and private keys we’ve talked about are generated with a particular algorithm
• Google Online Security Blog: “The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.”
• Officially deprecated in 2011, but many certificate providers continued to issue certificates with this algorithm. SHA-2/SHA-256 is now preferred.

4. Bugs in Encryption Libraries

• The previous problems were all about the design of the security we use
• Implementations of SSL/TLS are a whole source of vulnerabilities in their own right!
• OpenSSL is used in everything from Apache to card entry doors :)


What does this mean for my institution?

Case Study: Mid Michigan Community College, November 2014 – March 2015

Our Web Sites

midmich.edu
• www.midmich.edu – Expires 12/2015 – $
• moodle.midmich.edu – Expires 12/2016 – $
• midweb.midmich.edu – Expires 8/2015 – $
• print.midmich.edu
• *.midmich.edu – Expires 12/2015 – $$$

Wildcard certificate for lower cost than many separate certificates. One expiration date for this one wildcard certificate.

Our Web Servers

midmich.edu
• www.midmich.edu – Apache
• moodle.midmich.edu – nginx
• midweb.midmich.edu – Tomcat

Wildcard Cert Realities

• Different servers expect different formats for certificate and/or private key
• p12, pfx, p7b, pem, der, oh my!
• Missing certain chained certificates (I’m looking at you Tomcat) causes mobile browsers to fail to connect

Managing our certificates was a nightmare we tried to limit to once every four years.

TL;DR #1 (Wikipedia: Too long; didn’t read)

Qualys SSL Labs
www.ssllabs.com

Our Grades

midmich.edu
• www.midmich.edu – C/F – POODLE, DH, FREAK
• moodle.midmich.edu – B – SSL 3
• midweb.midmich.edu – F – POODLE, Bad chain

Our web servers had inconsistent and insecure configurations. (And we’re only as strong as our weakest link.)

Option 1

• Update each web server individually
• Tomcat: Edit server.xml

  sslProtocol="TLS"
  sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

Option 1

• Update each web server individually
• Apache: Edit ssl mod’s ssl.conf file

  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "EECDH+ECDSA+AESGCM \
      EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
      EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 \
      EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
      EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW \
      !3DES !MD5 !EXP !PSK !SRP !DSS"


Option 2

• Load balancer(s) in front of all our web systems
• nginx was already doing this for our Moodle app servers: See Matt Rice’s “A Balanced Approach: How to Direct Your Moodle Traffic”
• I had used F5 appliances at another institution

Option 2, Visualized

Sample HAProxy configuration for Moodle @ MMCC

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:aRSA+3DES:!RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
        ssl-default-bind-options no-sslv3

    defaults
        log global
        mode http
        option httplog
        option log-separate-errors   # Separate error logs from access logs
        balance roundrobin
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend load_balancers
        ## Binding to both test (192.) and production (67.) IP addresses
        #HTTP
        bind 192.168.1.90:80
        bind 67.209.249.176:80
        #HTTPS
        bind 192.168.1.90:443 ssl crt /etc/ssl/private/wildcard.midmich.edu.pem
        bind 67.209.249.176:443 ssl crt /etc/ssl/private/wildcard.midmich.edu.pem

        ########################
        ## Moodle #############
        acl dest_moodle_prod hdr(host) -i moodle.midmich.edu
        use_backend moodle_prod_nodes if dest_moodle_prod
        ########################

    backend moodle_prod_nodes
        option forwardfor
        option http-server-close
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        option httpchk HEAD /admin/tool/heartbeat/index.php HTTP/1.1\r\nUser-Agent:\ HAProxy\r\nHost:\
        # Redirect all traffic to HTTPS
        redirect scheme https if !{ ssl_fc }
        # Do NOT inject this cookie; however, if it exists, send the user to the appropriate server
        cookie MAPPSERVER indirect nocache preserve
        server mapp1 192.68.1.71:80 check inter 2000 cookie mapp1
        server mapp2 192.68.1.72:80 check inter 2000 cookie mapp2
        server mapp3 192.68.1.73:80 check inter 2000 cookie mapp3 backup

The following slides walked through the same configuration one part at a time:

• Configure allowed ciphers and bind ports to certificate (ssl-default-bind-ciphers, ssl-default-bind-options, bind ... ssl crt)
• Connect traffic received on the frontend to various backends via ACLs (acl / use_backend)
• Inject headers so Moodle servers will know traffic was forwarded (X-Forwarded-Port, X-Forwarded-Proto)
• Define a “health check” to determine whether servers in the pool are online! (option httpchk)
• We forward all traffic to https at the load balancer level! (redirect scheme https)
• List the servers in the pool – we keep our worker server as a “backup” (server ... backup)
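As an added example, not code from the slides or from MMCC, the checks this case study cares about can be run as a lint over an HAProxy configuration before it is reloaded: the script splits a config shaped like the one above into sections and reports SSLv3 left enabled, weak cipher tokens, a :443 bind without a certificate, and backends that neither redirect to HTTPS nor set X-Forwarded-Proto. The regular expressions, finding texts and the two abbreviated sample configs are this example's own assumptions.

```python
# Added example, not from the original slides: a lint for the TLS-related lines
# of an HAProxy configuration shaped like the one above (regexes, messages and
# sample configs are this example's own assumptions).
import re

# Cipher-string tokens that must be excluded ("!X") and never enabled.
BAD_CIPHER_TOKENS = ("RC4", "3DES", "MD5", "EXP", "LOW", "aNULL", "eNULL")

def parse_sections(text):
    """Split a config into (header, [directive lines]) pairs, comments dropped."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if re.match(r"^(global|defaults|frontend|backend|listen)\b", line):
            current = (line, [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)
    return sections

def lint(text):
    """Return the list of findings; an empty list means every check passed."""
    findings = []
    for header, lines in parse_sections(text):
        kind, joined = header.split()[0], "\n".join(lines)
        if kind == "global":
            opts = re.search(r"^ssl-default-bind-options\s+(.*)$", joined, re.M)
            if not opts or "no-sslv3" not in opts.group(1):
                findings.append("global: SSLv3 not disabled (add no-sslv3)")
            ciph = re.search(r"^ssl-default-bind-ciphers\s+(\S+)", joined, re.M)
            tokens = ciph.group(1).split(":") if ciph else []
            for bad in BAD_CIPHER_TOKENS:   # enabled outright, or never excluded
                if any(bad in t and not t.startswith("!") for t in tokens):
                    findings.append(f"global: cipher string enables {bad}")
                elif not any(t.startswith("!") and bad in t for t in tokens):
                    findings.append(f"global: cipher string does not exclude {bad}")
        elif kind == "frontend":
            for line in lines:   # every HTTPS bind must carry a certificate
                m = re.match(r"bind\s+(\S*:443)\b(.*)", line)
                if m and not re.search(r"\bssl\s+crt\s+\S+", m.group(2)):
                    findings.append(f"{header}: {m.group(1)} bound without a certificate")
        elif kind == "backend":
            if not re.search(r"^redirect scheme https if !\{ ssl_fc \}", joined, re.M):
                findings.append(f"{header}: plain HTTP is not redirected to HTTPS")
            if "X-Forwarded-Proto https" not in joined:
                findings.append(f"{header}: X-Forwarded-Proto is not set for the app servers")
    return findings

# Constructed sample, abbreviated from the MMCC configuration on the slides.
MMCC_STYLE = """global
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:aRSA+3DES:!RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    ssl-default-bind-options no-sslv3
frontend load_balancers
    bind 192.168.1.90:443 ssl crt /etc/ssl/private/wildcard.midmich.edu.pem
backend moodle_prod_nodes
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    redirect scheme https if !{ ssl_fc }
    server mapp1 192.68.1.71:80 check inter 2000 cookie mapp1
"""

# Constructed weak variant: SSLv3 left on, RC4 enabled, no redirect or header.
WEAK = """global
    ssl-default-bind-ciphers AES:RC4:!aNULL:!eNULL:!MD5:!EXP:!LOW:!3DES
frontend lb
    bind :443 ssl crt /etc/ssl/private/site.pem
backend app
    server a1 10.0.0.1:80 check
"""

if __name__ == "__main__":
    for cfg in (MMCC_STYLE, WEAK):
        print(lint(cfg))
```

On the MMCC-style sample the only finding is that the cipher string still enables 3DES (the Apache configuration earlier in the deck excludes it with !3DES); the weak variant produces four findings.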

Advantages

• New vulnerabilities and cipher preferences can be managed for all web systems by tweaking our HAProxy configuration
• We can renew or update our wildcard certificate in one location – now we’re more likely to revoke and reissue!

TL;DR #2

More Advantages (for MMCC)

• Two production HAProxy VMs share an IP address
• When a particular web site goes down, we can put up a standard error page with our help desk info (and possibly a system status page!)
• Configuring HTTPS for new web systems is much easier – copy & paste from sections of the configuration file!
• We can have test load balancers – just change the hosts file on a local computer to use our test HAProxy server’s configuration
• We were able to launch a CMS at the same URL and keep the

Making the Case for HTTPS

Why encrypt “regular” content?
https.cio.gov/everything: “Today, there is no such thing as non-sensitive web traffic, and public services should not depend on the benevolence of network operators.”
Google is giving preference to HTTPS content. Apple is emphasizing it in iOS 9.

Doesn’t encrypting all requests make them slower?
istlsfastyet.com: “TLS has exactly one performance problem: it is not used widely enough.”
The Changelog #161: HTTP/2 (formerly SPDY) is only supported over TLS by major browsers.

Certificates are expensive!
letsencrypt.org: EFF launching in September 2015

Letting go of IE 6

Download IE 6 VM from Modern.IE and see how much of the

Embedding Challenges

Step 1: Try changing http → https in the URL
Step 2: Provide link to original video

Takeaways

1. Continue looking for the lock 🔒
2. Enable HTTPS for all login screens
3. Play around with the Qualys SSL Labs tool: ssllabs.com/ssltest
   How are your web sites? How is your bank’s site? Other sites you frequent?
4. Start moving to HTTPS everywhere!
   • Holistically consider how you manage your certificates and web server configurations
   • Centralize web services behind appliances or open source load balancers
   • Practice reissuing certificates
