OCSP stapling for Erlang/OTP
Posted 2018-07-11 18:42:50.698413
The last few days I’ve been working on a small patch for Erlang/OTP 21 that adds support for server-side OCSP stapling to the ssl application. It will take more work to get it into good enough shape for a PR, but for now I wanted to try it in the real world to see if I’m on the right track.
This post will show how OCSP stapling might work with Erlang TLS servers in general, and Phoenix in particular, if and when such a feature might be merged into a future OTP release. Feel free to follow along with the patched OTP linked to below, just don’t use it in production, please!
OCSP stands for Online Certificate Status Protocol, a more modern approach to certificate revocation than unwieldy Certificate Revocation Lists (CRLs). Now some would argue that all certificate revocation is broken, and that neither CRLs nor OCSP are effective against man-in-the-middle attacks with a compromised and revoked certificate, but let’s put that aside for now.
While more modern and efficient in some ways, OCSP has its own issues. A common criticism is the fact that it leaks personal information (browsing behaviour) to the issuing CA, through the OCSP status requests sent by the browsers. OCSP Stapling mitigates this concern: instead of the browser sending a status query from the user’s IP address, the server requests the OCSP response from the CA and sends it in-band as part of the TLS handshake.
Besides the privacy benefits, OCSP stapling also allows the server to cache the response and reuse it for all incoming connections. This eliminates the round-trip to the OCSP server, reducing the load on the CA’s infrastructure and reducing the overall TLS session establishment latency.
Let’s have a look at the patch, and see what it would take to enable OCSP stapling in a Phoenix application.
PSA: retiring TLS test domains
Posted 2018-07-11 07:30:04.473948
Please note that the TLS test domains on this server, as mentioned in these old posts, have been retired. As an alternative I would highly recommend https://badssl.com/, which offers many more test cases than this server ever did.
Dual cert RSA/ECDSA server with Erlang/OTP 21
Posted 2018-07-03 18:55:58.000000
In my previous post about Erlang/OTP 21 I neglected to mention one change in the
OTP-15056 Application(s): ssl Deprecate ssl:ssl_accept/[1,2,3] in favour of ssl:handshake/[1,2,3]
At first glance this might look like a mere function rename, no big deal, but it turns out there is more to it than meets the eye. The new :ssl.handshake/[1,2,3] functions support an option to introspect the capabilities of the client and make last-minute adjustments to the server TLS parameters before proceeding with the handshake. One thing this allows us to do is present an ECDSA certificate to clients that can handle it, while falling back to an RSA certificate for those that can’t.
Before diving in, I just want to make this clear: this is not going to work with current versions of Phoenix, Plug, Cowboy, and other servers. This is not a new ssl socket option, it is a change in the way the API works. The old APIs are still there, and most applications will likely continue to use those old APIs for a while, until they drop support for pre-21 OTP versions. So with that out of the way, let’s get started…
- Erlang/OTP 21 (Posted 2018-06-23 08:36:19.000000)
- Erlang/OTP 20.3 (Posted 2018-03-14 19:00:53.000000)
- CipherSuites package updated (Posted 2018-03-12 20:16:18.000000)
- Practical security for Elixir/Phoenix (Posted 2018-01-05 08:35:18.000000)
- Security training at ElixirConf EU 2018 (Posted 2017-11-02 20:48:35.000000)
- Unauthorized Erlang? (Posted 2017-04-15 08:26:16.000000)
- Hostname verification with Erlang/OTP 19.3 (Posted 2017-03-17 06:35:40.000000)
- Plug vulnerabilities: impact assessment (Posted 2017-03-01 13:16:28.000000)
- Catching up (Posted 2017-02-27 09:28:27.000000)
- The great HTTPS client shoot-out (Posted 2016-11-05 08:03:50.000000)
- "aRSA+ECDH+AES:@STRENGTH" FTW (Posted 2016-07-05 17:30:20.000000)
- Thou shalt not trust thy neighbour's password (Posted 2016-06-24 19:20:05.000000)
- Who wants cookies? (Posted 2016-06-13 19:35:52.000000)
- Erlang/OTP 19.0 (Posted 2016-06-06 19:02:02.000000)
- ElixirConf.EU talk: video (Posted 2016-06-01 18:52:50.000000)