 SSL/TLS for Mortals (Devoxx)
T L S
Awesome Sauce, or...
Maarten Mulders (@mthmulders)#tlsformortals
H
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at it.mulders.maarten.Demo.main(Demo.java:13)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
7 Layer OSI Model
Host Layers
Application (data unit: Data): Network Process to Application
Presentation (data unit: Data): Data Representation and Encryption
Session (data unit: Data): Interhost Communication
Transport (data unit: Segments): End-to-End Connections and Reliability
Network (data unit: Packets): Path Determination and
H SSL TLS
SSL 1.0 never released
SSL 2.0 1995 - 2011 (POODLE)
SSL 3.0 1996 - 2014 (POODLE)
TLS 1.0 1999 - 2011 (BEAST)
TLS 1.1 2006
TLS 1.2 2008
TLS 1.3 2018
D
What's the issue?!
H
1. public/private key encryption
2. signed certificates
3. certificate authorities
1. Public/Private Key Encryption
M
1. Select two prime numbers: p = 11, q = 17
2. Calculate product: p ∗ q = 187
3. Select random number < product: e = 3
4. Find d, so that (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0
a. (d ∗ 3) − 1 mod (10 ∗ 16) = 0
b. 320 mod 160 = 0
c. (321 − 1) mod 160 = 0
d. (107 ∗ 3) = 321 ⇒ d = 107
N , P Q
1. p ∗ q = 299, e = 5
2. Find d, so that (d ∗ e) − 1 mod (p − 1) ∗ (q − 1) = 0
Pretty hard without knowing p and q!
As soon as we know p = 13, q = 23, calculating d = 317 is trivial (again).
For big enough p and q, finding those factors will cost an eternity!
So we can distribute p ∗ q and even e!
L "G"
p ∗ q = 187, e = 3, G ⇒ 7
7^e = 7^3 = 343
343 mod 187 = 156
L "156"
Since we know p and q, we can calculate d = 107
156^d = 156^107 ≈ 4.6 ∗ 10^234
156^107 mod 187 = 7
7 ⇒ G
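The slide numbers above carried through in code, as an added example that is not part of the original deck; all function names are my own. It goes one step beyond the slides: for p ∗ q = 299 the smallest valid d is 53, and the slide's 317 = 53 + 264 decrypts identically.

```python
from math import gcd


def private_exponent(p, q, e):
    """Find d so that (d * e) - 1 is divisible by (p - 1) * (q - 1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p - 1) * (q - 1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def encrypt(m, e, n):
    """Public operation: anyone holding (n, e) can do this."""
    return pow(m, e, n)


def decrypt(c, d, n):
    """Private operation: requires d, which requires p and q."""
    return pow(c, d, n)


def factor(n):
    """Trial division: instant for slide-sized n, infeasible for real key sizes."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")


def recover_private_exponent(n, e):
    """What an eavesdropper can do with only the public key when n is small."""
    p, q = factor(n)
    return private_exponent(p, q, e)


def slide_walkthrough():
    """Replay the two worked slides and return the intermediate values."""
    n, e = 11 * 17, 3
    d = private_exponent(11, 17, e)            # 107, as on the slide
    m = ord("G") - ord("A") + 1                # G is the 7th letter
    c = encrypt(m, e, n)                       # 343 mod 187
    back = chr(decrypt(c, d, n) + ord("A") - 1)
    cracked = recover_private_exponent(299, 5)  # only p * q and e are known
    return {"d": d, "ciphertext": c, "plaintext": back, "cracked_d": cracked}


if __name__ == "__main__":
    print(slide_walkthrough())
```
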
N
Client Server
1 ClientHello →
2 ← ServerHello
3 ← Certificate
4 ← ServerKeyExchange
5 ← ServerHelloDone
6 ClientKeyExchange →
7 ChangeCipherSpec →
8 Finished →
9 ← ChangeCipherSpec
10 ← Finished
D
No-one is eavesdropping!
2. Signed Certificates
A certificate contains:
Serial Number
Subject
Validity
Usage
Public Key
Fingerprint Algorithm
Fingerprint
But wait... anyone could create a certificate!
So we also need
Signature Algorithm
Signature
Issuer
... and a way to sign certificates.
A signature is a mathematical relationship between a message x, a private key sk and a public key pk.
It consists of two functions:
1. signing function t = f (sk, x)
2. verifying function [accept, reject] = g(pk, t, x)
So, given x and t and knowing pk, we can tell if x is indeed signed by sk.
3. Certificate Authorities
An entity that issues digital certificates,
certifying the ownership of a public key
by the subject of the certificate.
I
John
?
Alice
So, who is John, anyway?
Many Johns in today's browsers and operating systems!
“I can trust you, because I trust John, and
John trusts Alice, and Alice trusts you.”
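The signing and verifying functions f and g, and the John → Alice → you chain, as an added example that is not part of the original deck. Key sizes, the dictionary certificate layout, the name example.test and all function names are assumptions made for illustration; the signature is textbook RSA without padding and is not suitable for real use.

```python
import hashlib

E = 65537  # public exponent used for every constructed key below


def make_key(p, q):
    """Toy RSA key pair from two primes: returns (pk, sk) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(x, n):
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % n


def sign(sk, x):
    """t = f(sk, x)"""
    n, d = sk
    return pow(digest(x, n), d, n)


def verify(pk, t, x):
    """g(pk, t, x): True means accept, False means reject."""
    n, e = pk
    return pow(t, e, n) == digest(x, n)


def signed_fields(cert):
    """The bytes the issuer signs: subject, public key and issuer."""
    n, e = cert["public_key"]
    return f"{cert['subject']}|{n}|{e}|{cert['issuer']}".encode()


def issue(subject, subject_pk, issuer, issuer_sk):
    cert = {"subject": subject, "public_key": subject_pk, "issuer": issuer}
    cert["signature"] = sign(issuer_sk, signed_fields(cert))
    return cert


def validate_chain(chain, trust_store):
    """chain is leaf first; trust_store maps a trusted issuer name to its key."""
    for cert, parent in zip(chain, chain[1:] + [None]):
        trusted_pk = trust_store.get(cert["issuer"])
        if trusted_pk is not None:
            issuer_pk = trusted_pk
        elif parent is not None and parent["subject"] == cert["issuer"]:
            issuer_pk = parent["public_key"]
        else:
            return "reject: unable to find valid certification path"
        if not verify(issuer_pk, cert["signature"], signed_fields(cert)):
            return "reject: bad signature on " + cert["subject"]
        if trusted_pk is not None:
            return "accept"
    return "reject: unable to find valid certification path"


def demo():
    # Constructed keys from Mersenne primes; far too small for real use.
    john_pk, john_sk = make_key(2**61 - 1, 2**127 - 1)    # root CA "John"
    alice_pk, alice_sk = make_key(2**89 - 1, 2**107 - 1)  # intermediate "Alice"
    site_pk, _ = make_key(2**13 - 1, 2**17 - 1)           # "you"
    alice = issue("Alice", alice_pk, "John", john_sk)
    site = issue("example.test", site_pk, "Alice", alice_sk)
    forged = dict(site, public_key=make_key(2**19 - 1, 2**31 - 1)[0])
    return {
        "trusted root": validate_chain([site, alice], {"John": john_pk}),
        "empty truststore": validate_chain([site, alice], {}),
        "swapped key": validate_chain([forged, alice], {"John": john_pk}),
    }
```

The "empty truststore" case is the same situation the JVM reports as "unable to find valid certification path to requested target": every signature is fine, but no issuer in the chain is one the client already trusts.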
Top-notch security procedures, including "key ceremonies"
/** intentionally left blank */
W
Google blacklists 247 certificates in Chromium
Microsoft removes the DigiNotar root certificate from all
supported Windows-releases *
Mozilla revokes trust in the DigiNotar root certificate in all
supported versions
Apple issued Security Update 2011-005
Update Certificate Revocation Lists (although these are self-
D
Trust (for what it's worth)
T , T T
Simple HTTP client with TLS support:
curl -v -k <address>
(-k skips certificate verification; use it to look at a connection, not to fix a trust problem.)
Troubleshoot trust issues and see certificates being used:
openssl s_client -showcerts -servername <address> -connect <address>:443
Troubleshoot supported protocols, ciphers, ...:
nmap --script ssl-enum-ciphers -p 443 <address>
JVM Settings
-Djavax.net.ssl.trustStore=<file>
Denotes where a truststore can be found: a file that contains trusted certs.
-Djavax.net.ssl.trustStorePassword=changeit
is the password to that file.
JVM Settings
-Djavax.net.ssl.keyStore=<file>
Denotes where a keystore can be found: a file that contains public and/or private keys.
-Djavax.net.ssl.keyStorePassword=changeit
is the password to that file.
JVM Settings
-Djavax.net.debug=ssl[:flag]
Include debug logging for TLS handshake and connections.
Additional flags:
record session sessioncache pluggability plaintext
handshake defaultctx keymanager data packet
keygen sslctx trustmanager verbose
P
P -
1. Don't use SSL!
Use TLS v1.2 or v1.3.
2. Be careful whom you trust!
3. When in doubt, open your toolbox:
openssl, curl, nmap and Portecle
Q
P D
I
Router by unknown author
