SlideShare ist ein Scribd-Unternehmen logo

Let's go HTTPS

Codemotion
Codemotion

"Let's go HTTPS" by Simone Carletti HTTPS has gone mainstream and nowadays it's a good practice to serve a website via HTTPS. However, simply installing a TLS/SSL certificate may not be not enough to stay secure. It's important to understand how HTTPS works and how to configure it properly. In this talk we'll take a look at different types of SSL certificates, along with how to obtain a trusted SSL certificate and install it on the most common web servers/PaaS. Finally, we'll discuss the best practices surrounding HTTPS, including the HSTS headers, public key pinning, and common pitfalls such as the mixed security error.

Internet
1 von 98
Downloaden Sie, um offline zu lesen
ROME 18-19 MARCH 2016 Let's Go ! HTTPS Simone Carle4
! HTTPS
! HTTPS I About HTTPS II Obtaining an SSL cer?ficate III Deploying an SSL cer?ficate IV Serving HTTPS IV III II I
Simone Carle4 @weppos
About HTTPS I IV III II I
What is HTTPS? IV III II I
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communica?on over a computer network which is widely used on the Internet. HTTPS consists of communica?on over Hypertext Transfer Protocol (HTTP) within a connec?on encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. hTps://en.wikipedia.org/wiki/HTTPS IV III II I
What is HTTPS? HTTPS is a secure HTTP connec?on. IV III II I
HTTPS is HTTP over an encrypted connec?on secured by TLS (previously SSL). IV III II I
HTTPS is how websites securely exchange informa?on. IV III II I
Secure Connec@on Encryp@on The process of encoding messages or informa?on in such a way that only authorized par?es can read it. Authen@ca@on The process of determining whether someone or something is, in fact, who or what it is declared to be. IV III II I
KEEP CALM AND HTTP IS NOT ENCRYPTED
HTTP ResponseHTTP Request
! HTTPS RequestHTTP Request
Authen@ca@on
Authen@ca@on
Authen@ca@on
Authen@ca@on
SSL Cer@ficate IV III II I
Why HTTPS? IV III II I
Why HTTPS? ! Security ! Ranking factor ! HTTP/2 ! HTML 5 features ! Chrome Geo loca?on ! Firefox form + HTTPSIV III II I
! Security • Data integrity • User sensible informa?on • Unencrypted traffic can be: • sniffed • modified (e.g. adver?sement or script injec?on)
! Ranking factor hTps://webmasters.googleblog.com/2014/08/hTps-as-ranking-signal.html
! HTTP/2 hTps://webmasters.googleblog.com/2014/08/hTps-as-ranking-signal.html
! HTML 5 powerful features hTps://blog.mozilla.org/security/2015/04/30/depreca?ng-non-secure-hTp/ hTps://sites.google.com/a/chromium.org/dev/Home/chromium-security/depreca?ng-powerful-features-on-insecure-origins
! Chrome Geo location hTps://codereview.chromium.org/1530403002/
! Firefox form + HTTPS hTps://www.fxsitecompat.com/en-CA/docs/2015/non-hTps-sites-containing-login-form-will-be-marked-insecure/
" SSL Cer@ficate A cer?ficate is a digital document that contains a public key, some informa?on about the en?ty associated with it, and a digital signature from the cer?ficate issuer. IV III II I
x.509 SSL Cer@ficate # Version $ Serial Number % Issuer & Validity ' Subject ( Public Key " ) Extensions IV III II I
Cer@ficate Types ! Single-name cer?ficate example.com ! Wildcard-name cer?ficate *.example.com ! SAN cer?ficate example.com, www.example.com, foobar.com, … IV III II I
Symmetric vs Asymmetric *! ( encrypt ( decrypt Shared secret key( +John +Jane *! Jane public key Jane private key ( ( +John +Jane ( decrypt ( encrypt encryp@on IV III II I
Symmetric encryp@on "hello world!" "puggy eyxgr!" "hello world!""puggy eyxgr!" [["a", "b"], ["b", "w"], ["c", "n"], ["d", "r"], ["e", "u"], ["f", "o"], ["g", "v"], ["h", "p"], ["i", "s"], ["j", "z"], ["k", "k"], ["l", "g"], ["m", "m"], ["n", "h"], ["o", "y"], ["p", "c"], ["q", "j"], ["r", "x"], ["s", "d"], ["t", "t"], ["u", "f"], ["v", "i"], ["w", "e"], ["x", "l"], ["y", "a"], ["z", "q"]] John encrypts John sends to Jane Jane receives from John Jane decrypts IV III II I
How does HTTPS work? IV III II I
It's not a one-click setup :( yet IV III II I
Handshake, - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites ClientHello , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ClientKeyExchange , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ClientKeyExchange SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished ! Server switches to encryp?on ! MAC of handshake ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished ! Server switches to encryp?on ! MAC of handshake ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED 2 Applica?on data2 Applica?on data , - DISCLAIMER: This schema is simplified on purpose. IV III II I
Cipher Suites A cipher suite is a selec?on of cryptographic primi?ves and other parameters that defines exactly how security will be implemented. Bulletproof SSL and TLS IV III II I
Cryptographic primi@ves At the lowest level, cryptography relies on various cryptographic primi0ves. Each primi?ve is designed with a par?cular useful func?onality in mind. The primi?ves alone are not very useful, but we can combine them into schemes and protocols to provide robust security. For example, we might use one primi?ve for hashing, one for encryp@on and another for integrity checking. IV III II I
Obtaining an SSL cer@ficate II IV III II I
self signed vs trusted • Provides encryp?on • Provides authen?ca?on • Issued and signed by a publicly trusted Cer?fica?on Authority • Suitable for produc?on environments as well for tes?ng • Generally not free • Provides encryp?on • Doesn't provide authen?ca?on • self-signed • Generally used for tes?ng • Free
Cer?ficate Authority A Cer?ficate Authority (CA) is a trusted, private en?ty that issues digital cer?ficates. IV III II I
Chain of trust • Browsers and opera?ng systems include a list of trusted cer?ficates • These cer?ficates are called root cer'ficates, and they generally belong to trusted par?es, such as cer?ficate authori?esIV III II I
Chain of trust • When a cer?ficate authority issues a cer?ficate, they sign the cer?ficate with their root cer?ficate IV III II I
Chain of trust • Truthfully, in most cases cer?fica?on authori?es use sub-cer?ficates to sign your cer?ficate • These cer?ficates are called intermediate cer'ficates, and they are signed with a root cer?ficateIV III II I
Chain of trust • When the browser connects to a site via HTTPS, the browser reads the site cer?ficate • The cer?ficate doesn't match a trusted root cer?ficateIV III II I
Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate doesn't match a trusted root cer?ficateIV III II I
Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate matches a root cer?ficate • The original cer@ficate is trusted :) • The en?re cer@ficate chain is trusted 3 IV III II I
Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate doesn't match a root cer?ficate, and there are no more cer?ficates • The original cer@ficate is untrusted :( • The en?re cer@ficate chain is untrusted 4 IV III II I
IV III II I
Create a Cer@ficate Generate a
 Private/Public key pair $ openssl genrsa -des3 -out private.key 2048 ... Enter pass phrase for private.key: Verifying - Enter pass phrase for private.key: IV III II I
Create a Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) $ openssl req -nodes -new -key private.key -out server.csr ... Country Name (2 letter code) [AU]:US Common Name (eg, YOUR name) []:www.example.com ... IV III II I
Create a Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a self-signed cer?ficate
 Sign the cer?ficate $ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.pem hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-self IV III II I
Request a trusted Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a trusted cer?ficate
 Request the Cer?ficate (*) Request generally means purchase. You can purchase an SSL cer?ficate either from a CA, or a reseller. Some providers offer visual tools that help you with the request process (e.g. by genera?ng the CSR) (*) IV III II I
Request a trusted Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a trusted cer?ficate
 Request the Cer?ficate (*) • Select the cer?ficate type • Submit the CSR • Validate the request • Obtain the cer?ficate (*) IV III II I
! (DV) Domain Validated asserts control of a domain ! (OV) Organiza?on Validated asserts control of a domain as well basic organiza?onal vepng ! (EV) Extended Valida?on asserts control of a domain as well extended organiza?onal vepng Cer@ficate Types IV III II I
5 Now you should have 1. A CSR file 2. A cer?ficate file 3. A private key file 4. (op0onally) A list of intermediate cer?ficate files -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE-----IV III II I
Deploying an SSL cer@ficate IV III II I III
Install the cer@ficate on the server along with the private key, and intermediate cer?ficate chain. Configure HTTPS configure protocol version, cypher suite and cypher sepngs. To deploy HTTPS you need to: IV III II I
History of secure protocols SSL 1 Never released SSL 2 1996 A number of security flaws SSL 3 1995 Broken. Vulnerable to POODLE aTack TLS 1.0 1999 TLS 1.1 2006 TLS 1.2 2008IV III II I
Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
hTps://mozilla.github.io/server-side-tls/ssl-config-generator/hTps://cipherli.st/ IV III II I
Heroku $ heroku addons:create ssl:endpoint Adding ssl:endpoint on example... done, v1 ($20/mo) $ heroku certs:add server.crt server.key Adding SSL Endpoint to example... done example now served by example-2121.herokussl.com. Certificate details: Expires At: 2012-10-31 21:53:18 GMT Issuer: C=US; ST=CA; L=SF; O=Heroku; CN=www.example.com Starts At: 2011-11-01 21:53:18 GMT hTps://devcenter.heroku.com/ar?cles/ssl-endpoint hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-dnsimpleIV III II I
Caddy server hTps://caddyserver.com/ IV III II I
Caddy server IV III II I
Caddy server IV III II I
hTps://www.ssllabs.com/ssltest/ IV III II I
Lifecycle of a Cer@ficate 6 Requested ! Issued & Expired 4 Revoked 7 Rekeyed
Serving HTTPS IV III II I IV
Cookie security $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
Cookie security $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
Mixed Content security error IV III II I
Mixed Content security error IV III II I
Mixed Content security error IV III II I
Mixed Content security error IV III II I
Mixed Content security error IV III II I
Chrome security debugger IV III II I
HSTS Header $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
HSTS Header The first ?me your site is accessed using HTTPS and it returns the Strict-Transport- Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead. When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS. Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload IV III II I
HSTS Header The first ?me your site is accessed using HTTPS and it returns the Strict-Transport- Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead. When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS. Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload IV III II I
HSTS Header Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload hTps://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security hTps://hstspreload.appspot.com/ IV III II I
Public Key Pinning hTps://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubdomains][; report-uri="reportURI"] Public-Key-Pins: max-age=5184000; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=" IV III II I
SecurityHeaders.io IV III II I
Let's Encrypt
Bulletproof SSL and TLS hTp://bit.ly/codemo?on2016-sslbook ⋆ ⋆ ⋆ ⋆ ⋆
Simone Carle4 ! hTps://simonecarlep.com @weppos Thanks!

Empfohlen

HTTPS
HTTPSHTTPS
HTTPS
maroti164
 
HTTPS
HTTPSHTTPS
HTTPS
Justin Denton
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
sanjoysanyal
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
simplyharshad
 
Http and its Applications
Http and its ApplicationsHttp and its Applications
Http and its Applications
Nayan Dagliya
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
Kalpesh Kalekar
 
Http
HttpHttp
Http
Luavis Kang
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
Gurjot Singh
 

Empfohlen

HTTPS
HTTPSHTTPS
HTTPS
maroti164
 
HTTPS
HTTPSHTTPS
HTTPS
Justin Denton
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
sanjoysanyal
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
simplyharshad
 
Http and its Applications
Http and its ApplicationsHttp and its Applications
Http and its Applications
Nayan Dagliya
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
Kalpesh Kalekar
 
Http
HttpHttp
Http
Luavis Kang
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
Gurjot Singh
 
Protocolo http
Protocolo httpProtocolo http
Protocolo http
NeftisLis
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
Shubham Srivastava
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Https
shikherwalia
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Abhishek Gupta
 
Https
HttpsHttps
Https
Pooya Sagharchiha
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)
Shimona Agarwal
 
HTTP Protocol Basic
HTTP Protocol BasicHTTP Protocol Basic
HTTP Protocol Basic
Chuong Mai
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
rahul kundu
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. Https
Raed Aldahdooh
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPS
NetProtocol Xpert
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis Fuad
Cefalo
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer Protocol
Ujjayanta Bhaumik
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
Rajan Pandey
 
Ssl https
Ssl httpsSsl https
Ssl https
Andrada Boldis
 
HTTP Presentation
HTTP Presentation HTTP Presentation
HTTP Presentation
Lana Dujanovic
 
Digital signature
Digital signatureDigital signature
Digital signature
AJAL A J
 
Http protocol
Http protocolHttp protocol
Http protocol
Arpita Naik
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocol
Aviran Mordo
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
Nishant Pahad
 
Http-protocol
Http-protocolHttp-protocol
Http-protocol
Toushik Paul
 
Fun with Functional Programming in Clojure
Fun with Functional Programming in ClojureFun with Functional Programming in Clojure
Fun with Functional Programming in Clojure
Codemotion
 
HTTPS and YOU
HTTPS and YOUHTTPS and YOU
HTTPS and YOU
Eric Lewis
 

Weitere ähnliche Inhalte

Was ist angesagt?

Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
rahul kundu
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
Rajan Pandey
 

Was ist angesagt? (20)

Protocolo http
Protocolo httpProtocolo http
Protocolo http
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Https
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Https
HttpsHttps
Https
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)
 
HTTP Protocol Basic
HTTP Protocol BasicHTTP Protocol Basic
HTTP Protocol Basic
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. Https
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPS
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis Fuad
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer Protocol
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
Ssl https
Ssl httpsSsl https
Ssl https
 
HTTP Presentation
HTTP Presentation HTTP Presentation
HTTP Presentation
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Http protocol
Http protocolHttp protocol
Http protocol
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocol
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
 
Http-protocol
Http-protocolHttp-protocol
Http-protocol
 

Andere mochten auch

The Automation and Proliferation of Military Drones and the Protection of Civ...
The Automation and Proliferation of Military Drones and the Protection of Civ...The Automation and Proliferation of Military Drones and the Protection of Civ...
The Automation and Proliferation of Military Drones and the Protection of Civ...
Angelo State University
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
Joshua Thijssen
 

Andere mochten auch (14)

Fun with Functional Programming in Clojure
Fun with Functional Programming in ClojureFun with Functional Programming in Clojure
Fun with Functional Programming in Clojure
 
HTTPS and YOU
HTTPS and YOUHTTPS and YOU
HTTPS and YOU
 
рисинка
рисинкарисинка
рисинка
 
The Automation and Proliferation of Military Drones and the Protection of Civ...
The Automation and Proliferation of Military Drones and the Protection of Civ...The Automation and Proliferation of Military Drones and the Protection of Civ...
The Automation and Proliferation of Military Drones and the Protection of Civ...
 
Course 102: Lecture 18: Process Life Cycle
Course 102: Lecture 18: Process Life CycleCourse 102: Lecture 18: Process Life Cycle
Course 102: Lecture 18: Process Life Cycle
 
Java threading
Java threadingJava threading
Java threading
 
Commodore 64 Mon Amour
Commodore 64 Mon AmourCommodore 64 Mon Amour
Commodore 64 Mon Amour
 
Refactoring to a Single Page Application
Refactoring to a Single Page ApplicationRefactoring to a Single Page Application
Refactoring to a Single Page Application
 
Single-Page Application Design Principles 101
Single-Page Application Design Principles 101Single-Page Application Design Principles 101
Single-Page Application Design Principles 101
 
Threads concept in java
Threads concept in javaThreads concept in java
Threads concept in java
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
Processes and threads
Processes and threadsProcesses and threads
Processes and threads
 
The road to Ember.js 2.0
The road to Ember.js 2.0The road to Ember.js 2.0
The road to Ember.js 2.0
 
Are Drones our best friends?
Are Drones our best friends?Are Drones our best friends?
Are Drones our best friends?
 

Ähnlich wie Let's go HTTPS

Castle Presentation 08-12-04
Castle Presentation 08-12-04Castle Presentation 08-12-04
Castle Presentation 08-12-04
Howard Hellman
 
How the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPSHow the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPS
whj76337
 
State of Authenticating RESTful APIs
State of Authenticating RESTful APIsState of Authenticating RESTful APIs
State of Authenticating RESTful APIs
robwinch
 

Ähnlich wie Let's go HTTPS (20)

SSl/TLS Analysis
SSl/TLS AnalysisSSl/TLS Analysis
SSl/TLS Analysis
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Ssl certificate in internet world
Ssl certificate in internet worldSsl certificate in internet world
Ssl certificate in internet world
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Castle Presentation 08-12-04
Castle Presentation 08-12-04Castle Presentation 08-12-04
Castle Presentation 08-12-04
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
How the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPSHow the SSL/TLS protocol works (very briefly) How to use HTTPS
How the SSL/TLS protocol works (very briefly) How to use HTTPS
 
State of Authenticating RESTful APIs
State of Authenticating RESTful APIsState of Authenticating RESTful APIs
State of Authenticating RESTful APIs
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
How does TLS work?
How does TLS work?How does TLS work?
How does TLS work?
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server Interactions
 

Mehr von Codemotion

Mehr von Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Kürzlich hochgeladen

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 

Kürzlich hochgeladen (20)

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 

Let's go HTTPS

  • 1. ROME 18-19 MARCH 2016 Let's Go ! HTTPS Simone Carle4
  • 3. ! HTTPS I About HTTPS II Obtaining an SSL cer?ficate III Deploying an SSL cer?ficate IV Serving HTTPS IV III II I
  • 5.
  • 8. HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communica?on over a computer network which is widely used on the Internet. HTTPS consists of communica?on over Hypertext Transfer Protocol (HTTP) within a connec?on encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. hTps://en.wikipedia.org/wiki/HTTPS IV III II I
  • 9. What is HTTPS? HTTPS is a secure HTTP connec?on. IV III II I
  • 10. HTTPS is HTTP over an encrypted connec?on secured by TLS (previously SSL). IV III II I
  • 11. HTTPS is how websites securely exchange informa?on. IV III II I
  • 12. Secure Connec@on Encryp@on The process of encoding messages or informa?on in such a way that only authorized par?es can read it. Authen@ca@on The process of determining whether someone or something is, in fact, who or what it is declared to be. IV III II I
  • 13. KEEP CALM AND HTTP IS NOT ENCRYPTED
  • 20.
  • 23. Why HTTPS? ! Security ! Ranking factor ! HTTP/2 ! HTML 5 features ! Chrome Geo loca?on ! Firefox form + HTTPSIV III II I
  • 24. ! Security • Data integrity • User sensible informa?on • Unencrypted traffic can be: • sniffed • modified (e.g. adver?sement or script injec?on)
  • 27. ! HTML 5 powerful features hTps://blog.mozilla.org/security/2015/04/30/depreca?ng-non-secure-hTp/ hTps://sites.google.com/a/chromium.org/dev/Home/chromium-security/depreca?ng-powerful-features-on-insecure-origins
  • 28. ! Chrome Geo location hTps://codereview.chromium.org/1530403002/
  • 29. ! Firefox form + HTTPS hTps://www.fxsitecompat.com/en-CA/docs/2015/non-hTps-sites-containing-login-form-will-be-marked-insecure/
  • 30. " SSL Cer@ficate A cer?ficate is a digital document that contains a public key, some informa?on about the en?ty associated with it, and a digital signature from the cer?ficate issuer. IV III II I
  • 31. x.509 SSL Cer@ficate # Version $ Serial Number % Issuer & Validity ' Subject ( Public Key " ) Extensions IV III II I
  • 32. Cer@ficate Types ! Single-name cer?ficate example.com ! Wildcard-name cer?ficate *.example.com ! SAN cer?ficate example.com, www.example.com, foobar.com, … IV III II I
  • 33. Symmetric vs Asymmetric *! ( encrypt ( decrypt Shared secret key( +John +Jane *! Jane public key Jane private key ( ( +John +Jane ( decrypt ( encrypt encryp@on IV III II I
  • 34. Symmetric encryp@on "hello world!" "puggy eyxgr!" "hello world!""puggy eyxgr!" [["a", "b"], ["b", "w"], ["c", "n"], ["d", "r"], ["e", "u"], ["f", "o"], ["g", "v"], ["h", "p"], ["i", "s"], ["j", "z"], ["k", "k"], ["l", "g"], ["m", "m"], ["n", "h"], ["o", "y"], ["p", "c"], ["q", "j"], ["r", "x"], ["s", "d"], ["t", "t"], ["u", "f"], ["v", "i"], ["w", "e"], ["x", "l"], ["y", "a"], ["z", "q"]] John encrypts John sends to Jane Jane receives from John Jane decrypts IV III II I
  • 35. How does HTTPS work? IV III II I
  • 36. It's not a one-click setup :( yet IV III II I
  • 37. Handshake, - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 38. Handshake SYN , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 39. Handshake SYN SYN ACK , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 40. Handshake SYN SYN ACK . Client Random ( Cipher suites ClientHello , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 41. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 42. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ClientKeyExchange , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 43. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ClientKeyExchange SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 44. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 45. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished ! Server switches to encryp?on ! MAC of handshake ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 46. Handshake SYN SYN ACK . Client Random ( Cipher suites / Server Random ( Cipher suite " Cer?ficates 0 Session ID 1 Server key exchange data ClientHello ServerHello, Cer?ficate, ServerKeyExchange, ServerHelloDone 1 Client key exchange data ! Client switches to encryp?on ! MAC of handshake ClientKeyExchange ChangeCipherSpec, Finished ! Server switches to encryp?on ! MAC of handshake ChangeCipherSpec, Finished SYMMETRIC KEY IS GENERATED 2 Applica?on data2 Applica?on data , - DISCLAIMER: This schema is simplified on purpose. IV III II I
  • 47. Cipher Suites A cipher suite is a selec?on of cryptographic primi?ves and other parameters that defines exactly how security will be implemented. Bulletproof SSL and TLS IV III II I
  • 48. Cryptographic primi@ves At the lowest level, cryptography relies on various cryptographic primi0ves. Each primi?ve is designed with a par?cular useful func?onality in mind. The primi?ves alone are not very useful, but we can combine them into schemes and protocols to provide robust security. For example, we might use one primi?ve for hashing, one for encryp@on and another for integrity checking. IV III II I
  • 49. Obtaining an SSL cer@ficate II IV III II I
  • 50. self signed vs trusted • Provides encryp?on • Provides authen?ca?on • Issued and signed by a publicly trusted Cer?fica?on Authority • Suitable for produc?on environments as well for tes?ng • Generally not free • Provides encryp?on • Doesn't provide authen?ca?on • self-signed • Generally used for tes?ng • Free
  • 51. Cer?ficate Authority A Cer?ficate Authority (CA) is a trusted, private en?ty that issues digital cer?ficates. IV III II I
  • 52. Chain of trust • Browsers and opera?ng systems include a list of trusted cer?ficates • These cer?ficates are called root cer'ficates, and they generally belong to trusted par?es, such as cer?ficate authori?esIV III II I
  • 53. Chain of trust • When a cer?ficate authority issues a cer?ficate, they sign the cer?ficate with their root cer?ficate IV III II I
  • 54. Chain of trust • Truthfully, in most cases cer?fica?on authori?es use sub-cer?ficates to sign your cer?ficate • These cer?ficates are called intermediate cer'ficates, and they are signed with a root cer?ficateIV III II I
  • 55. Chain of trust • When the browser connects to a site via HTTPS, the browser reads the site cer?ficate • The cer?ficate doesn't match a trusted root cer?ficateIV III II I
  • 56. Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate doesn't match a trusted root cer?ficateIV III II I
  • 57. Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate matches a root cer?ficate • The original cer@ficate is trusted :) • The en?re cer@ficate chain is trusted 3 IV III II I
  • 58. Chain of trust • The browser aTempts to download the cer?ficate that was used to sign the current cer?ficate • The cer?ficate doesn't match a root cer?ficate, and there are no more cer?ficates • The original cer@ficate is untrusted :( • The en?re cer@ficate chain is untrusted 4 IV III II I
  • 60. Create a Cer@ficate Generate a
 Private/Public key pair $ openssl genrsa -des3 -out private.key 2048 ... Enter pass phrase for private.key: Verifying - Enter pass phrase for private.key: IV III II I
  • 61. Create a Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) $ openssl req -nodes -new -key private.key -out server.csr ... Country Name (2 letter code) [AU]:US Common Name (eg, YOUR name) []:www.example.com ... IV III II I
  • 62. Create a Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a self-signed cer?ficate
 Sign the cer?ficate $ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.pem hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-self IV III II I
  • 63. Request a trusted Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a trusted cer?ficate
 Request the Cer?ficate (*) Request generally means purchase. You can purchase an SSL cer?ficate either from a CA, or a reseller. Some providers offer visual tools that help you with the request process (e.g. by genera?ng the CSR) (*) IV III II I
  • 64. Request a trusted Cer@ficate Generate a
 Private/Public key pair Generate a
 Cer?ficate Signing Request (CSR) for a trusted cer?ficate
 Request the Cer?ficate (*) • Select the cer?ficate type • Submit the CSR • Validate the request • Obtain the cer?ficate (*) IV III II I
  • 65. ! (DV) Domain Validated asserts control of a domain ! (OV) Organiza?on Validated asserts control of a domain as well basic organiza?onal vepng ! (EV) Extended Valida?on asserts control of a domain as well extended organiza?onal vepng Cer@ficate Types IV III II I
  • 66. 5 Now you should have 1. A CSR file 2. A cer?ficate file 3. A private key file 4. (op0onally) A list of intermediate cer?ficate files -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE-----IV III II I
  • 67. Deploying an SSL cer@ficate IV III II I III
  • 68. Install the cer@ficate on the server along with the private key, and intermediate cer?ficate chain. Configure HTTPS configure protocol version, cypher suite and cypher sepngs. To deploy HTTPS you need to: IV III II I
  • 69. History of secure protocols SSL 1 Never released SSL 2 1996 A number of security flaws SSL 3 1995 Broken. Vulnerable to POODLE aTack TLS 1.0 1999 TLS 1.1 2006 TLS 1.2 2008IV III II I
  • 70. Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
  • 71. Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
  • 72. Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
  • 73. Example config server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl certificate config ssl_certificate /path/to/certificate_and_intermediates; ssl_certificate_key /path/to/private_key; # ssl session config ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # protocol and cipher config ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; } IV III II I
  • 75. Heroku $ heroku addons:create ssl:endpoint Adding ssl:endpoint on example... done, v1 ($20/mo) $ heroku certs:add server.crt server.key Adding SSL Endpoint to example... done example now served by example-2121.herokussl.com. Certificate details: Expires At: 2012-10-31 21:53:18 GMT Issuer: C=US; ST=CA; L=SF; O=Heroku; CN=www.example.com Starts At: 2011-11-01 21:53:18 GMT hTps://devcenter.heroku.com/ar?cles/ssl-endpoint hTps://devcenter.heroku.com/ar?cles/ssl-cer?ficate-dnsimpleIV III II I
  • 80. Lifecycle of a Cer@ficate 6 Requested ! Issued & Expired 4 Revoked 7 Rekeyed
  • 82. Cookie security $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
  • 83. Cookie security $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
  • 84. Mixed Content security error IV III II I
  • 85. Mixed Content security error IV III II I
  • 86. Mixed Content security error IV III II I
  • 87. Mixed Content security error IV III II I
  • 88. Mixed Content security error IV III II I
  • 90. HSTS Header $ curl -I https://dnsimple.com HTTP/1.1 200 OK Server: nginx Date: Tue, 15 Mar 2016 15:52:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive ETag: W/"f2d21600cdff911b9ee6a44dabcda234" Cache-Control: max-age=0, private, must-revalidate Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5 X-Runtime: 0.016254 Strict-Transport-Security: max-age=31536000 IV III II I
  • 91. HSTS Header The first ?me your site is accessed using HTTPS and it returns the Strict-Transport- Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead. When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS. Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload IV III II I
  • 92. HSTS Header The first ?me your site is accessed using HTTPS and it returns the Strict-Transport- Security header, the browser records this informa?on, so that future aTempts to load the site using HTTP will automa?cally use HTTPS instead. When the expira?on ?me specified by the Strict-Transport-Security header elapses, the next aTempt to load the site via HTTP will proceed as normal instead of automa?cally using HTTPS. Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload IV III II I
  • 93. HSTS Header Strict-Transport-Security: max-age=31536000 Strict-Transport-Security: max-age=31536000; includeSubDomains Strict-Transport-Security: max-age=31536000; includeSubDomains; preload hTps://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security hTps://hstspreload.appspot.com/ IV III II I
  • 94. Public Key Pinning hTps://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubdomains][; report-uri="reportURI"] Public-Key-Pins: max-age=5184000; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=" IV III II I