Last Updated: 2011-06-29 18:24:05 UTC
by Johannes Ullrich (Version: 1)
SSL or TLS is *the* security protocol to encrypt in particular HTTP traffic. We all know it, love it, and then ignore various pop-ups telling us that in ever so cryptic ways that someone is playing a man in the middle attack on us.
I don't want to go over the basics here, but just talk about various tricks and issues that I see sometimes left out.
What about different certificate "Classes"
SSL plays two important roles: It encrypts traffic AND it verifies that you are connected to the correct server. Your browser knows that it connects to the correct server because the server presents a certificate that includes its host name, among other information, and is signed by a trusted certificate authorities.
Certificate authorities vary in how they validate the information in the certificate, and what information is actually validated:
Domain: This is the simplest (and cheapest) type of certificate. All it verifies is that the host name. Usually, you can get these certificates in a few minutes as long as your e-mail address is listed in the domain's whois record. For example, if you own the domain name "bigbank.com", you can get a certificate for it, no mater if you are affiliated with a company called "bigbank" or not.
Organization: This is the next class of certificates, sometimes called "Class 2" certificates. In this case, the certificate authority verifies that you are associated with the respective organization that owns the domain name. You typically need to fax in a copy of a photo id, a business license or other paperwork. Now, the name of the business is validated by the certificate as well.
EV (Extended Validation) Certificates: This type of certificate is the most expensive to get, and requires additional paper work and validation. The goal is to better validate the business name the certificate is used for. As a "reward", many browsers will display the business name, not just the host name, as part of the URL bar. Banks frequently use this type of certificate.
I need a certificate that covers multiple host names
No problem. You got two options:
Wildcard certificates are used for a domain, and they will work for all hostnames in that particular domain (e.g. *.example.com)
Multiple Domain Name Certificates can list various host names from different domain. For example, we use one for isc.sans.edu that covers some of the old host names we used like incidents.org and isc.sans.org.
I am using NameVirtualHosting (1 IP = Multiple Hostnames)
Now this is a tricky issue. If you use SSL, the entire HTTP stream, including headers, is encrypted, In order to figure out which key to use to decrypt it, the server needs to know the host name, which is encrypted... classic catch 22. As a result, you can not use multiple SSL certificates on the same IP address unless each server listens on a different port. However, modern browsers have a solution referred to as "SNI" (Server Name Indication, see RFC 4366) . With server name indication, the host name is sent in the clear as part of the client establishing the SSL connection (the SSL Client Hello message). Now the server knows what host name you are trying to connect to, and can use the right key.
Sadly, Windows XP DOES NOT support this extension to SSL, which limits its usefulness at this point. But it is a great option for small sites with limited user groups that don't use Windows XP. Internet Explorer 6 doesn't support it either, but I hope you aren't using that ;-)
In order to support SNI, you also need a recent version of openssl and Apache on the server. In cases where I can't update openssl and apache, I had good luck using nginx as a proxy (it supports SNI). Microsoft IIS will not support SNI last time I checked.
HTTP Strict Transport Security
This is a new features, introduced in Firefox 4. Other browsers start picking it up as well. The feature is intended to tell a browser to only use HTTPS, not HTTP, to connect to a particular host. It protects against attacks that try to redirect the user to an HTTP version of the site. All you have to do is add a an HSTS header to your server response:
Strict-Transport-Security: max-age=100 ; includeSubDomains
The "max-age" will tell the browser for how many seconds it should remember this setting. The optional "includeSubdomains" parameter will extend this preference to any subdomains.
Couple Links related to SSL:
https://www.ssllabs.com/ - great site to check if SSL is configured correctly (make sure to check the "Do not show the results on the boards" checkbox)
http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/ - details about HSTS
http://www.ietf.org/rfc/rfc4366.txt - RFC for SNI