Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Get this document free

Internet SSL Survey 2010

VIEWS: 20 PAGES: 46

									Internet SSL Survey 2010
Black Hat Abu Dhabi 2010

Ivan Ristic
Director of Engineering
i i ti @    l        @ivanristic
iristic@qualys.com / @i    i ti

November 11th, 2010 (v1.8)
Agenda

 1. Why do we care about SSL?
 2. SSL assessment engine overview
 3. Finding SSL servers
 4 S       findings
 4. Survey fi di
 5. Conclusions and plans
 6. Extra slides


                          2          BLACK HAT ABU DHABI 2010
About Ivan Ristic
Ivan is a compulsive builder who
likes solving interesting problems
   ModSecurity, open source
   web application firewall
        pp
   Apache Security,
   O’Reilly (2005)
        Labs SSL, TLS
   SSL Labs, SSL TLS, and
   PKI research
   LibHTP, HTTP parsing framework
   ModSecurity Handbook,
   Feisty Duck (2010)



                                     3   BLACK HAT ABU DHABI 2010
Part I: Internet SSL Survey 2010
Why Do We Care
About SSL?
SSL Labs
SSL Labs:
     A non-commercial
     security research effort
     focused on SSL, TLS,
        d friends
     and f i d
Projects:
     Assessment tool
     SSL Rating Guide
     Passive SSL client
     fingerprinting tool
     SSL Threat Model
     SSL Survey



                                5   BLACK HAT ABU DHABI 2010
SSL Threat Fail Model
How can SSL fail?
   In about a million and
   one different ways,
   some worse than
     th
   others.
Principal issues:
   Implementation
   fl
   flaws
   MITM
   Usability issues
   Impedance mismatch
   Deployment mistakes
   PKI trust challenges
                    g

                            6   BLACK HAT ABU DHABI 2010
SSL Rating Guide
What is the purpose of the guide?
   Sum up a server’s SSL configuration,
   and explain how scores are assigned
                        non-experts
   Make it possible for non experts to
   understand how serious flaws are
   Enable us to quickly say if one server
   is better configured than another
   Give configuration guidance




                                            7   BLACK HAT ABU DHABI 2010
SSL Rating Guide (Not)
And what is NOT the purpose
of the guide?
   The scores are not supposed to be a
   perfect representation of configuration
   p         p                    g
   “quality”
   We don’t know what “secure”
            y
   means to you
   Besides, security has many enemies:
       Cost
       Performance
       Interoperability




                                             8   BLACK HAT ABU DHABI 2010
Part II: Internet SSL Survey 2010
    Assessment
SSL A        t
Engine
Online SSL Assessment Overview
Main features:
     Free online SSL test
     Comprehensive, yet
     easy on CPU
     Results easy to
     understand
            y
What we analyze:
     Configuration
     Certificate chain
     Protocol and cipher
                     p
     suite support
     Enabled Features
     Weaknesses


                            10   BLACK HAT ABU DHABI 2010
SSL Assessment Details
Highlights:
     Renegotiation vulnerability
     Cipher suite preference
     TLS version intolerance
     Session resumption
     Firefox 3.6 trust
     base
Every assessment
  consists of about:
     2000 packets
     200 connections
     250 KB data


                                   11   BLACK HAT ABU DHABI 2010
Assessment Challenges
Comprehensive assessments are difficult:
     A naïve approach is to open a connection per cipher suite. It doesn’t scale.
     We went to packet level, using partial connections (with as little crypto as
     possible) to extract the information we needed. Almost no CPU used.
     No test can be 100% reliable with multiple servers behind one IP address.
Other issues:
     Complicated topic – so many RFCs and other documents to read before you
     can begin to grasp the problem. It took a lot of hard work to just assemble the
     list of known cipher suites.
     Poor programming documentation; SSL toolkits generally
          p g         g                                  g  y
     designed to connect (or not), but not for diagnostics.
     Feature coverage – toolkits cover only a part of what the protocols can do.
     Bugs, edge cases, and interoperability issues.
       g     g                            y

                                          12                           BLACK HAT ABU DHABI 2010
Part III: Internet SSL Survey 2010
Finding
Fi di SSL
Servers
Domain Enumeration
How many domain names and certificates are there?
     Roughly 193M domain name registrations in total (VeriSign)
     207M sites (Netcraft)
                                 (        )
     1.2M valid SSL certificates (Netcraft)

Main data set: domain name registrations
     All .com, .net, .org, .biz, .us, and .info domain names
          domain names (57% of th t t l)
     119M d   i              f the total)

Bonus data sets:
     Alexa’s top 1m popular sites
     Collect the names in the certificates we find




                                              14                  BLACK HAT ABU DHABI 2010
First Pass: Lightweight Scan
The purpose of the first-pass lightweight scan
is to locate the servers we need to examine in depth:
     Those are servers with certificates whose names match
     the domain names on which they reside.
     Someone made an effort to match the names, therefore
     the intent is there!
How did we do that?
     Single server with 4 GB RAM (not a particularly powerful one)
     DNS resolution + few packets to probe ports 80 and 443 // Yes, HTTP servers only
     Naturally,
     Naturally incomplete SSL handshakes
     2,000 concurrent threads
     Resulted in roughly 1,000 probes per second; fast enough
     A day and a half for the entire scan

                                            15                       BLACK HAT ABU DHABI 2010
Active Domain Names
Out of 119m domain names:
   12.4M (10.37%)                       DNS
   failed to resolve                   failure
                                       10.37%
   14.6M (12.28%)              No
   failed to respond        response
   92M (77.35%)              12.28%
   seemed active




  Active means to respond                         Active
                                                  A ti
                                                 domains
   on port 80 or port 443                         77.35%




                             16                    BLACK HAT ABU DHABI 2010
Port 80 and 443 Activity Analysis
                                          Includes 18,222 SSH responses;
     91 65M
     91.65M                               the rest is mostly plaintext HTTP
    (99.35%)
                                                                              Includes 6,320
                                                                              SSLv2-only
                                                                              responses



                                      Other
                                      11.02                                 SSL
                    33.69M           32.73%                                22.65
                   (36 52%)
                   (36.52%)                                               67.27%
                                                                          67 27%




      Port 80        Port 443




      Domain responses on                     Protocols on port 443
        ports 80 and 443                           (in millions)


                                17                                 BLACK HAT ABU DHABI 2010
~720,000 Potentially Valid SSL
Certificates
C tifi t
     Name match
       0.72M
       3.17%                        Name match
                                       0.12M
                                      27.86%




                                                             No match
                  No match                                     0.30M
                   21.93M                                     72.14%
                   96.83%



       Out of 22.65M domain             Alexa’s Top 1M domain names
      names with SSL enabled


                               18                          BLACK HAT ABU DHABI 2010
22m Invalid Certificates! Really!?
                              Why so many invalid responses?
    Name match                           Virtual web hosting hugely popular
      0.72M
                                              119m domain names represented by
      3.17%
                                              about 5.3m IP addresses
                                              22 65m domain names with SSL
                                              22.65m
                                              represented by about 2m IP addresses
                                         Virtual SSL web hosting practically
                                         impossible – too many browsers do not
                                         support the TLS SNI extension
                              We don’t know if a site uses SSL, and
                 No match     end up seeing something else because
                  21.93M           don t
                              most don’t
                  96.83%
                                     •    But we should be able to tell
                                     •    DNS SRV records, perhaps?
      Out of 22.65M domain
     names with SSL enabled          •    Or virtual SSL hosting!
                                     •    At least, virtual hosting servers
                                          should not respond on port 443
                                19                                        BLACK HAT ABU DHABI 2010
First Pass Summary
                                                                 We looked at 190 million domain names
                              Certificate                               22.66% not operational
                             name match
                                0.60%                                   48.03% does not listen on port 443
                                                                        9.40% runs something else on port 443
                                     DNS failure
               Certificate             12 40
                                       12.40                            18 40% certificate name mismatches
                                                                        18.40%
                 name
                                      10.41%
               mismatch                                                 0.60% certificate name matches
                 21.93                                                  (and not even those are all valid)
                18.40%
                                                   No response
                                                      14.60
                                                                    Virtual web hosting hugely popular
 Not running
 SS on port
 SSL                                                 12 25%
                                                     12.25%                   119m domain names represented by
     443
    11.20                                                                     about 5.3m IP addresses
   9.40%
                                                                              22.65m domain names with SSL
                                                                              represented by about 2m IP addresses
                                                                    Issues:

                                            Port 443 not
                                                                        No virtual SSL web hosting
                                               open
                                               58.31
                                                                        No way for a browser to know
                                              48.93%                    if a site uses SSL
The End Result…
Let’s now try to get as many entries as possible
     Add all we have together:
         720,000 certificates from the domain name registration data set
         120 000 certificates from the Top 1m data set
         120,000
         About new 100,000 domains found in certificate names
     Remove duplicates:                                       NL

                                                              FR
         Unique IP address                                   AU

         Unique domain name                                   CA

                                                              DE
         Unique certificate
                                                             GB



     We ended up with     867,361 entries                     JP

                                                              US

                                                         Unknown

            y
     Probably   25-50%           of all commercial certs           0   50   100     150    200     250




                                          21                                BLACK HAT ABU DHABI 2010
Part IV: Internet SSL Survey 2010
    Survey
SSL S
Results
How Many Certs
Failed Validation d Why?
F il d V lid ti and Wh ?
           32,642 (3 76%)
           32 642 (3.76%) have
           incomplete chains

                                                             136,115
                                                                                                        Remember that
                                          Not trusted                                                  the methodology
                                           240,335
                                           240 335                                                       l d dh t
                                                                                                      excluded hostname
                                           27.71%                       96,037                        mismatch problems

 Trusted
 627,026
 72.29%                                                                                43,287



                                                                                                   1,328       1,072     903
                                                             Expired   Self‐signed   Unknown CA     Invalid    Revoked   Bad CN
                                                                                                  signature


               Trusted versus untrusted
                      certificates                                               Validation failures



                                                        23
Certificate Validity and Expiry
Distribution
Di t ib ti
                  Certificate period of validity
                      (trusted certificates only)
   300000


                                                                        Expired and
   200000
                                                                       other problems
                                                                        52,190 (38%)
   100000


       0
            0    12   24    36     48    60    72   84       96
                                                                                                       Expired onl
                                                                                                       E pired only
                                                                                                       83,925 (62%)
                   Expired certificates over time
                (certificates without other problems only)
   10000

    8000

    6000
                                                                              How many certificates are
    4000                                                                     only expired, and how many
    2000                                                                      have other problems too?
       0
            0    12   24    36     48    60    72   84       96

                                                                  24                       BLACK HAT ABU DHABI 2010
Trusted Issuers and Chain Length
We saw 429 ultimately-trusted certificate issuers                                   Not
                                                                                   seen
     They led to 78 trust anchors                                                   77
                                                                                   49.68
                                                                                     %
     That’s only 50% of our trust base, which has
                                                               Seen
     155 trust anchors                                          78
                                                               50.32
                                                               50 32
                                                                %




                                                                        155 trusted
                                                                       CA certificates
                                                                    (from Firefox 3.6.0)
       Web server        Intermediate       Trusted root
       certificate         certificate       certificate   Chain length          Certificates seen




                                                                                                      Recomm
                           (optional)
                                                                2                    270,779




                                                                                                           mended length
                                                                3                    334,248
                                                                4                      2368

          This path is 2 levels deep in 44% of cases,           5                          186
                                                                6                           8
               and 3 levels deep in 55% of cases.
                               p


                                             25                            BLACK HAT ABU DHABI 2010
Trusted Anchors
                             Certificates per issuer               Trust Anchor                                                Certificates
                              (                    )
                              (429 issuers in total)               Go Daddy Class 2 Certification Authority                       146 173
                                                                                                                                  146,173
            200
Thousands




                                                                   Equifax Secure Certificate Authority                           141,210
            150                                                    UTN-USERFirst-Hardware                                         86,868
                                                                   Thawte Premium Server CA                                       27,976
            100
                                                                   Thawte Server CA                                               26,972
             50                                                    Class 3 Primary Certification Authority (VeriSign)             26,765
                                                                   VeriSign Trust Network                                         26,163
              0
                                                                   GlobalSign Root CA                                             20,290
                  0   10       20      30      40      50   60
                                                                   Network Solutions Certificate Authority                        19,437
                                                                   S f       C       Certification Authority
                                                                   Starfield Class 2 C    f                                       17,824
                                                                                                                                  1 824
                           Certificates per trust anchor
                                                                   Equifax Secure Global eBusiness CA-1                           15,662
                               (78 anchors in total)
            200                                                    COMODO Certification Authority                                 14,296
Thousands




                                                                   SecureTrust CA                                                  8,793
            150
                                                                   VeriSign Class 3 Public Primary Certification Authority -
                                                                   G5                                                              7,619
            100
                                                                   DigiCert High Assurance EV Root CA                              6,769
            50                                                     StartCom Certification Authority                                6,197
                                                                   Entrust.net Secure Server Certification Authority               5,068
             0
                                                                       C b T    t Gl b l R t
                                                                   GTE CyberTrust Global Root                                      4,659
                                                                                                                                   4 659
                  0            20              40           60
                                                                 18 trust anchors on this page account for 608,741 (97%) certificates

                                                                    26                                              BLACK HAT ABU DHABI 2010
Trusted Anchors and Trust Delegation

On average, there will be
   average                    5.5
                              55
                                                     Deutsche Telekom
issuers for every trust anchor.                       Root CA 2 (169)
     Top 6 anchors have more than
     10 issuers each                                                Issuers per trust anchor
                                                          180
     They account for a total of 286
                                                          160
     issuers, or 67% of all
                                                          140
     Deutsche Telekom alone                C b T
                                       GTE CyberTrust t   120
     accounts for 39% of               Global Root (48)
                                                          100
     all issuers we saw                                    80
                                                           60
                                                           40
                                       UTN-USERFirst-
                                        Hardware (29)      20
                                                           0
                                                                0               5              10              15




                                              27                                        BLACK HAT ABU DHABI 2010
How Many Trust Anchors Do We Need?
Let’s try to figure the minimum                                          23              42
number of trust anchors!                                           11   (99.1%)        (99.9%)

     Of course, this is very                                  (90.0%)

     subjective
                                                             100
     Our data set is biased and                              98
     contains predominantly U.S.                             96
     web sites                                               94




                                           Coverage (in %)
     Your browsing habits are                                92



                                                      n
                                                             90
     probably different
                                                             88
     Still, it’s interesting to see that                     86
     you probably need only                                  84
     between 10 and 20 trust                                 82
     anchors.                                                80
                                                                   0     20            40            60            80
     But your selection may be                                                    Trust anchors
     different from mine!

                                           28                                                 BLACK HAT ABU DHABI 2010
Certificate Keys and Signatures
Virtually all trusted certificates                                 SHA1
                                                                     S
                                                                   RSA
                                                                  597,404
use RSA keys; only 3 DSA keys                                     98.32%


     127 DSA keys across all certificates (i.e.,
     including those certs we could not validate)
     SHA1 with RSA is the most popular choice for                                               MD5
                                                                                                RSA
     the signature algorithm                                                                   10,185
                                                                                               1.68%
     A very small number of stronger hash
                                                                          g         g
                                                                        Signature algorithm
     functions seen across all certificates:
          SHA256 with RSA: 190
                                                     Key length                          Certificates seen
          SHA384 with RSA: 1
                                                     512                                       3,005
          SHA512 with RSA: 75
                                                     1024                                     386 694
                                                                                              386,694
     Virtually ll keys 1024 or 2048 bit l
     Vi t ll all k                  bits long
                                                     2048                                     211,155
     Only 99 weak RNG keys from Debian               4096                                      6,315
     (but 3,938 more among the untrusted)            8192                                        14
                             server gated
     Only 8% servers support server-gated crypto     Other                                      406


                                                29                                 BLACK HAT ABU DHABI 2010
Protocol Support
Half of all trusted servers support                            SSL v2 No 
                                                                 Suites
the insecure SSL v2 protocol                                    11.93%
                                                                                           No support
      Modern browsers won’t use it, but                                                     38.22%
      wide support for SSL v2
      demonstrates how we neglect to give
      any attention to SSL configuration
                                                               SSL v2
      Virtually all servers support                            49.85%
      SSLv3 and TLS v1.0
      Virtually no support for TLS v1.1
      (released in 2006) or TLS v1.2                Protocol                Support        Best protocol
      (released in 2008)                            SSL v2.0                302,886                 -

                 ,                     p
      At least 10,462 servers will accept           SSL v3.0
                                                        v3 0                607,249
                                                                            607 249             3 249
                                                                                                3,249
      SSLv2 but only deliver a user-friendly
      error message over HTTP                       TLS v1.0                604,242            603,404

                                                    TLS v1.1                 838                  827

                                                    TLS v1.2                  11                   11

                                               30                                     BLACK HAT ABU DHABI 2010
Ciphers, Key Exchange and Hash
Functions
F   ti
                                                          Cipher        Servers          Percentage
   p
Triple DES and RC4 rule in                            3DES_EDE_CBC
                                                      3DES EDE CBC      603,888
                                                                        603 888             99 39%
                                                                                            99.39%
the cipher space                                         RC4_128        596,363             98.15%
                                                       AES_128_CBC      418,095             68.81%
      There is also good support
                                                       AES_256_CBC      415,585             68.39%
      for AES, DES and RC2
                                                           S_C C
                                                         DES CBC        3 , 5
                                                                        341,145             56 %
                                                                                            56.14%
                                                          RC4_40        320,689             52.78%
  Key exchange      Servers        Percentage          RC2_CBC_40       314,689             51.79%
      RSA           607,582          99.99%            RC2_128_CBC      283,416             46.64%
    DHE_RSA         348,557          57.36%            DES_CBC_40       192,558             31.69%
   RSA_EXPORT       319,826          52.63%               RC4_56        192,192             31.63%
 RSA_EXPORT_1024    193,793          31.89%             IDEA_CBC        52,762              8.68%
 DHE_RSA_EXPORT     176,258          29.00%            RC2_CBC_56       50,897              8.37%
                                                     CAMELLIA_256_CBC   29,709              4.88%
                                                     CAMELLIA_128_CBC
                                                     CAMELLIA 128 CBC   29,708
                                                                        29 708              4 88%
                                                                                            4.88%
      Hash          Servers        Percentage
                                                        SEED_CBC        14,796              2.43%
      SHA           606,489          99.81%
                                                          NULL           2,185              0.35%
      MD5           591,433          97.34%
                                                       AES_128_GCM        2                    -
     SHA256           4                -
                                                       AES_256_GCM
                                                       AES 256 GCM        1                    -
     SHA384          156               -
                                                      FORTEZZA_CBC        1                    -


                                                31                                BLACK HAT ABU DHABI 2010
Cipher Strength
                         g
All servers support strong and most
              pp
                                                                           607,570
support very      strong ciphers                                           99.99%

     But there is also wide support
     for weak ciphers                                                                    415,585
                                                                                         68 39%
                                                                                         68.39%
                                                                 342,960
                                128                              56,44%
                              191,985
                              31.60%


          256
        415,585                                      2,213
        68.40%                          < 128        0.36%
                                          17
                                        0.00%        No enc.      < 128      128          256


           Best cipher strength support                        Cipher strength support



                                                32                           BLACK HAT ABU DHABI 2010
Cipher Suite Support
 Most supported cipher suites

              Cipher suites                  Servers   Percentage

    TLS_RSA_WITH_3DES_EDE_CBC_SHA            603,545     99.33%
       TLS_RSA_WITH_RC4_128_SHA              593,884     97.74%
                                                                                                 No
       TLS_RSA_WITH_RC4_128_MD5              590,901     97.25%                              preference
                                                                                              367,758
                                                                                                  ,
     TLS RSA WITH AES 128 CBC SHA
     TLS_RSA_WITH_AES_128_CBC_SHA            417 866
                                             417,866     68.77%
                                                         68 77%
                                                                                               60.53%
     TLS_RSA_WITH_AES_256_CBC_SHA            415,348     68.36%
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA          347,729     57.23%


 Most preferred cipher suites

                              Cipher suite
                                                                      Server
                    TLS_RSA_WITH_RC4_128_MD5
                                                                    preference
                    TLS_RSA_WITH_RC4_128_SHA                         239,831
                                                                      39.47%
                 TLS_RSA_WITH_3DES_EDE_CBC_SHA
                  TLS_RSA_WITH_AES_128_CBC_SHA
                    TLS_RSA_WITH_DES_CBC_SHA                              Cipher suite server
                  TLS_RSA_WITH_AES_256_CBC_SHA                                preference
               TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
              TLS RSA EXPORT1024 WITH DES CBC SHA
              TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA



                                                         33                         BLACK HAT ABU DHABI 2010
SSL Labs Grade Distribution
Most servers not configured well                                                                         Key length
                                                                                                         Key length         Score
               Only 38.54% got an A                                                                           A             >= 80
                                                                                                              B             >= 65
               61.46% got a B or worse                                                                        C             >= 50
                                                                                                              D             >= 35
               Most probably just use the default                234,201
                                                                    ,                                         E             >= 20
                 tti     f th i    b
               settings of their web server                      38.54%                                       F              < 20
                                                                                    205,444
                                                                                    33.81%



             180                                                                              117,225
                                                                                              117 225
 Thousands




             160                                                                              19.29%
             140
             120
             100                                                           45,443
              80                                                           7.47%
                                                                           7 47%
              60
              40
                                                                                                                      5,274
              20                                                                                           2
               0
                   0   20        40       60     80   100          A        B          C         D         E            F
                            Score distribution                                      Grade distribution

                                                            34                                       BLACK HAT ABU DHABI 2010
Secure and Insecure Renegotiation
                                                         Insecure renegotiation is the closest
                   Insecure                              thing to a serious TLS protocol flaw
                 renegotiation
                    196,277                              so far
                    32.31%
                                                              Became public in November 2009
                                                              Initial response was to disable
                                            Secure 
                                                              renegotiation
                                         renegotiation        But not all sites can do that
                                            124,729

 Not supported
                                            20.53%                 5746: Transport L
                                                              RFC 5746 T                  Security (TLS)
                                                                                  t Layer S    it
    286,515                                                   Renegotiation Indication Extension
    47.16%                                                    published in February 2010
                                                              Some vendors have started to support it
                                                              We are seeing servers patched at about
             Support for secure and                           4% per month
             insecure client-initiated                        There are 68 sites that support insecure
                  renegotiation                               and secure renegotiation at the same
                    July 2010
                                                              time
                                                         35                             BLACK HAT ABU DHABI 2010
Part V: Internet SSL Survey 2010
Conclusions and Pl
C   l i       d Plans
Conclusions
Good:
       Virtually all deployments have good key size, support
       good protocols and strong crypto
Bad:
       No thought given to configuration in most deployments
           Most probably just use default settings
           SSLv2 still widely supported after 14 years!
       Lack of support for TLS v1.1 and v1.2 is a cause for concern
       It takes a serious vulnerability for things to start changing
       (and then only slowly)
Long term:
       Support for virtual SSL hosting (TLS SNI) is needed to take SSL further
       Vendors and library d
       V d       d lib         l          key to       it
                           developers are k t SSL security

                                             37                        BLACK HAT ABU DHABI 2010
Plans
              y
Automate survey:
     Fully automated (incl. report generation)
     Run quarterly and look at the trends
Expand survey:
     Include other protocols (e.g., SMTP)
Cast a wider net:
     Look at insecure cookie (session) issues
     Examine mixed-content issues
         Within the same page
         Within the same site




                                         38      BLACK HAT ABU DHABI 2010
Q&A


      Thank You
      Th k Y
            Ivan Ristic
      iristic@qualys.com
            @ivanristic
What Did It Take to Assess All Those
Servers?
S      ?
Relatively straightforward, but very time consuming:
     Used three servers:
          One server to host the database
                                                                              15




                                                                       ands
          Two assessment servers with 200 threads each




                                                                  Thousa
                                                                              10
          All three modest virtual servers with 1 GB RAM each
                                                                              5
     Assessment speed of about 5 servers / sec
                                                                              0
     Median duration ~ 65 seconds
                                                                                   1     10    100   1000    10000
     Performed two full scans @ 2-3 days each                                          Assessment duration
                                                                                           in seconds
     Multiple partial scans to independently verify results
     About 1 TB of data
     Greatest expense was time: 1-2 man-months, even though we started with
     a pretty complete single-server assessment engine
          Troubleshooting even small issues takes a ton of time
          Result validation t
          R   lt lid ti too

                                               40                                       BLACK HAT ABU DHABI 2010
Unknown Issuers
We saw 43,287 unknown issuers
    Great majority of issuers seen only once
    22 seen in more than 100 certificates
           y
    Manually verified those 22
    Found 4 that one could argue are legitimate, but are not trusted
    by Mozilla (yet) (http://www.mozilla.org/projects/security/certs/pending/)


                                 Issuer                               Seen certificates
                                 Firstserver Encryption Services              9486
                                 CAcert
                                 CA t                                         6117
         Trusted in other        ipsCA                                         462
         major browsers
                                 KISA Root CA                                  162


                                            41                          BLACK HAT ABU DHABI 2010
Certificate Chain Correctness
                                                       265,238
                                                       26 238
                                                       43.65%                  Potential performance
   Correct                                                                     and bandwidth issue
   569,472
   93.73%                                                                      However, some of the extra
                                                                               certificates may be needed by
                                                                               some clients; needs further
                                                                               verification




                                                                            32,642
                                                                            9.69%
                                                                            9 69%                 5 475
                                                                                                  5,475
                                                                                                  1.62%

                                 Incorrect        Unneeded certificates  Incomplete chain      Incorrect order
                                   38,117                sent
                                   6.27%
                                                                          Could invalidate chains,
      Correct versus incorrect                                             depending on client
         certificate chains

                                                          Issues with certificate chains


                                             42                                             BLACK HAT ABU DHABI 2010
Certificate Chain Size and Length
                                                                    Certs sent   Actual            Should be
In 43.65% of all cases, there’s                                         1        227 520
                                                                                 227,520            270,779
                                                                                                    270 779
more certificates sent than needed                                      2        181,996            334,248
                                                                        3        113,672              2,368
        When latency between client and server
                                                                        4        78,931               186
        is high, the unneeded certificates waste
                                                                        5         3,320
                                                                                  3,3 0                8
        th precious i iti l b d idth
        the       i   initial bandwidth                                 6         1,491                0
        Important when you need to want the                             7          48                  0
        performance to be as good as possible                           8          28                  0
                                                                        9          49                  0
                   Certificate chain sizes in KB
                   Certificate chain sizes in KB
                                                                       10         489                  0
        127                                                            11          4                   0
         33
                                                                       12          10                  0
         24
                                                                       13          24                  0
         15
                                                                       15          1                   0
         12
                                                                       16          1                   0
          9
          6                                                            17          2                   0
          3                                                            61          1                   0
  Chain size
  Chain size                                                           70          1                   0
               0        50          100            150   200           116         1                   0


                                                               43                          BLACK HAT ABU DHABI 2010
Session Resumption
Session resumption is an very
important performance
optimization
    It avoids the expensive handshake
                    p
                                                  Resume 
    operations on all but first connection        sessions                            Do not 
                                                  90.65%                              resume
    Most sites support it, but
                                                                                       4.62%
    about 9% don’t
         ll      b     f it    l i to
    A small number of sites claim t
    support it, but do not resume sessions
                                                                                       Disabled 
    Session resumption may be                                                        resumption
    challenging to deploy when load                                                     4.73%
    balancing is used
    We did not test for Session Ticket                  Session resumption support
    support on this occasion



                                             44                             BLACK HAT ABU DHABI 2010
Support for Multiple Domain Names
                                                                  350




                                                           ands
Most sites support 0, 1, or 2                                     300




                                                      Thousa
alternative domain names                                          250
                                                                  200
      Some CAs will automatically add 2 alternative
                                                                  150
      domain names (“example.com” and                             100
       www.example.com )
      “www.example.com”)                                          50
      Untrusted 3o.hu has 354 (8.2 KB cert)!                       0
                                                                        0         2      4        6        8       10
      Untrusted www.epi.es has 287 and they are all                         Alternative names per certificate
      wildcards (7.5 KB cert)!
                                                            Alternative names
                                                            Alt    ti                                 Name
                                                                                                      N
About 4.44% certificates use wildcards                                      252                 www.hu-berlin.de

      2.72% as the common name                                              191                 www.tu-berlin.de

                                                                            153                    *.abyx.com
      1.72%
      1 72% in the alternative name
                                                                            150              www.newcreditera.com

About 35.59% certificates support access                                    116                  edgecastcdn.net
                                                                                          jpbsecurehostingservice.com
with and without the “www” part.                                            101
                                                                                              www.indiebound.org
      88% of the domains tested are under a TLD                             100              t     i          li
                                                                                          quotes.usinsuranceonline.com



                                               45                                            BLACK HAT ABU DHABI 2010
Strict Transport Security (STS)
Only 12   trusted sites seem to support
                                                                          Sites that support STS
Strict Transport Security (STS)                                     secure.grepular.com
     Supported by further 3 untrusted sites                         secure.informaction.com
                                                                    www.acdet.com
     STS allows sites to say that they
                                                                    www.datamerica.com
     do not want plain-text traffic
                                                                    www.defcon.org
     Just send a Strict-Transport-Security response                 www.elanex.biz
     header from the SSL portion of the site                        www.feistyduck.com
                                                                    www.paypal.com
     Supported in Chrome and Firefox with NoScript
                                                                    www.squareup.com
     Internet draft                                                 www.ssllabs.com
     http://tools.ietf.org/html/draft-hodges-strict-transport-sec   www.strongspace.com
                                                                          i
                                                                    www.voipscanner.com




                                                      46                                  BLACK HAT ABU DHABI 2010

								
To top