
What web developers should know about SSL - mikemaccana
https://certsimple.com/blog/obsolete-cipher-suite-and-things-web-developers-should-know-about-ssl
======
mikemaccana
A less common question we get, that a lot of web devs are interested in, is
'How do I mitigate against MITM attacks?'

- As a browser, by using a default OS and watching the root CA store. You can
control the key stores on most devices except iOS pretty easily:
[https://certsimple.com/blog/control-the-ssl-cas-your-browser...](https://certsimple.com/blog/control-the-ssl-cas-your-browser-trusts)

- As a server, setting up key pinning
([https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning))
which throws up a browser warning if someone accesses your site with a new
key.

------
daok
Right from the beginning "EV cert". What is EV? When you write an article and
it's the first time you use an acronym, please define it.

~~~
TazeTSchnitzel
DV = Domain Validation - all that's validated by the certificate authority
(CA) is that the person getting the certificate controls the domain

OV = Organisation Validation - the CA also checks that the person getting the
certificate is the organisation they claim to be (the cert will contain, for
example, a company name or number)

EV = Extended Validation - the CA does additional checks for authenticity and
trustworthiness

Typically, sites with EV certificates have the address bar show up green, and
the organisation name is visible in it. EV is mostly only used for stuff like
online banking. Less important things like Facebook, YouTube and your blog
will use cheaper and easier to get DV or OV certificates. Let's Encrypt! gives
you a DV certificate since domain ownership is the sole thing it can and does
validate.

~~~
frik
Somewhere I read that EV certs (green bar) are slower because of an additional
round trip or so. If it is the case, can someone point me to an article that
explains this?

~~~
noinsight
Browsers actually validate the certificate through CRL / OCSP for EV sites, if
I recall correctly.

That takes time and adds latency and there are differences between CAs in
OCSP server performance. Your location can obviously impact performance too.
If you're performance conscious you might want to take this into account.

This is actually something people don't consider when they say certificates
should be free - running these CRL / OCSP servers costs money.

[https://www.imperialviolet.org/2012/02/05/crlsets.html](https://www.imperialviolet.org/2012/02/05/crlsets.html)

Netcraft does OCSP responder performance analytics:
[http://uptime.netcraft.com/perf/reports/performance/OCSP](http://uptime.netcraft.com/perf/reports/performance/OCSP)

~~~
dan1234
Would I be right in thinking OCSP stapling would avoid the extra trip in this
instance?

~~~
noinsight
Yes. It's meant to lessen the load on the OCSP responders and improve
performance. The server will periodically fetch the OCSP response and serve it
to clients so not every client needs to do it themselves.

------
geofft
A slightly stronger argument not to use 4096-bit certs is that just about
every (intermediate) CA certificate out there is 2048-bit, and there's no
security advantage to your cert being 4096-bit if it only has a 2048-bit
signature. An attacker can just factor your CA's public key and not care how
strong your own public key is.

So it's not just that it slows down your site, it slows down your site without
any additional security or other benefit.

~~~
mikemaccana
That's an excellent point - I've added it to the article and credited you.

------
sarciszewski
Item number 1: SSL is obsolete, use TLS.

Can we please, as a society, try to move forward with the correct acronym?
Everyone who isn't wide-open-vulnerable is using TLS 1.0 or newer.
(Personally, I like to run TLS 1.2 only, but my CloudFlare domains still speak
1.0 and I can't turn it off without paying money.)

~~~
draw_down
It's difficult to understand the difference, especially when people use the
terms interchangeably.

~~~
sarciszewski
Easy mode:

    - SSL is outdated
    - TLS is newer

Yes, there are a lot more differences, but if we start today we might be able
to retire the use of SSLang in the future.

~~~
draw_down
Fantastic.

------
jzd
The general public couldn't care less about EV certs.

Important reading:
[http://webmasters.stackexchange.com/a/9095](http://webmasters.stackexchange.com/a/9095)

------
TazeTSchnitzel
Another thing: You should probably go TLS-only. Set up a 301 redirect from
HTTP to HTTPS, and set the Strict-Transport-Security header on all HTTPS
responses.

It's very easy to do, and ensures all your users get maximal security. The
future is encrypted.

Today I did this for my blog:
[https://github.com/TazeTSchnitzel/blog/commit/792986d18d8583...](https://github.com/TazeTSchnitzel/blog/commit/792986d18d8583712fa3fe59d0ec047b21701d46)

~~~
geofft
This is pretty reasonable provided that you're not in danger of having to stop
using HTTPS. For our personal blogs, that's probably fine (and hey, I should
kick up the timeout on my HSTS header, thanks for the reminder). For a site
that you're making for an employer or a customer, you should be certain that
they're not going to want to move it over to a non-HTTPS-compatible web host
for whatever reason. Most of the time you can be confident about this;
sometimes you can't. Strict-Transport-Security is a promise to your viewers
that for the next whatever time period you say, you're not going to change
your mind about HTTPS.
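
The redirect-plus-header setup and the max-age promise discussed in the two comments above, checked mechanically. This is an added example, not code from either commenter: a Python parser for the Strict-Transport-Security header following RFC 6797's rules, plus a check of the HTTP and HTTPS responses. The function names and the sample responses for the placeholder host blog.example are constructed for illustration.

```python
# Added example, not code from the thread. Sample responses are constructed.
from urllib.parse import urlsplit


def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains), or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # stray semicolons are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')  # token or quoted-string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required: non-negative integer seconds
    return int(age), "includesubdomains" in seen


def commitment_days(value):
    """How long browsers will refuse plain HTTP after seeing this header."""
    policy = parse_hsts(value)
    return None if policy is None else policy[0] // 86400


def audit(http_resp, https_resp):
    """Each response is (status, headers with lowercase names). Returns findings."""
    findings = []
    status, headers = http_resp
    if status != 301 or urlsplit(headers.get("location", "")).scheme != "https":
        findings.append("http: expected a 301 redirect to an https:// URL")
    if "strict-transport-security" in headers:
        findings.append("http: HSTS sent over plain HTTP is ignored by browsers")
    policy = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if policy is None:
        findings.append("https: Strict-Transport-Security missing or invalid")
    elif policy[0] == 0:
        findings.append("https: max-age=0 tells browsers to drop the policy")
    return findings


# Constructed sample responses for a placeholder host.
HTTP_RESP = (301, {"location": "https://blog.example/"})
HTTPS_RESP = (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"})

if __name__ == "__main__":
    print(audit(HTTP_RESP, HTTPS_RESP))
    print(commitment_days(HTTPS_RESP[1]["strict-transport-security"]), "days")
```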

------
theandrewbailey
Re: Point 1

You really only need two ciphers to get to most browsers/clients and good
security and speed (replace RSA with ECDSA if needed):

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Example:
[https://www.ssllabs.com/ssltest/analyze.html?d=theandrewbail...](https://www.ssllabs.com/ssltest/analyze.html?d=theandrewbailey.com)

It baffles me that Mozilla recommends 20 ciphers for their highest security
level. I think high security should be more exclusive than that, and with
forward secrecy only.

Point 5:

How I imported Let's Encrypt's certificates into a Java keystore:

    # Bundle the certificate chain and private key into a PKCS#12 file
    openssl pkcs12 -export -name yourdomain -in fullchain.pem -inkey privkey.pem -out pubchainpriv.p12
    # Import that PKCS#12 entry into the Java keystore
    keytool -importkeystore -srcstoretype pkcs12 -srckeystore pubchainpriv.p12 -alias yourdomain -destkeystore /path/to/keystore.jks
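
Relating to Point 1 in the comment above, here is an added example (not the commenter's code) that parses TLS 1.2-style IANA cipher-suite names and reports which ones provide forward secrecy and authenticated encryption. The function names are hypothetical, and the static-RSA suite is a constructed comparison that does not appear in the thread.

```python
# Added example, not code from the thread: pure string parsing, no TLS connection.
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")


def classify(suite):
    """Split a TLS 1.2-style IANA suite name and flag the properties that matter."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError("expected TLS_<kx>_WITH_<cipher>: " + suite)
    exchange, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    parts = exchange.split("_")
    kx, auth = parts[0], parts[-1]  # plain "RSA" means RSA for both roles
    aead = any(marker in cipher for marker in AEAD_MARKERS)
    digest = cipher.rsplit("_", 1)[-1]
    return {
        "suite": suite,
        "key_exchange": kx,
        "auth": auth,
        # Ephemeral (EC)DH gives forward secrecy; static RSA, DH or ECDH does not.
        "forward_secrecy": kx in ("ECDHE", "DHE"),
        "aead": aead,
        # In AEAD suites the trailing hash is the PRF hash, not a record MAC.
        "mac": None if aead else "HMAC-" + ("SHA1" if digest == "SHA" else digest),
    }


def review(suites):
    """Return (suite, note) pairs for a configured suite list."""
    notes = []
    for info in map(classify, suites):
        if not info["forward_secrecy"]:
            notes.append((info["suite"], "no forward secrecy"))
        if not info["aead"]:
            notes.append((info["suite"], "non-AEAD cipher with " + info["mac"]))
    return notes


# The two suites named in the comment above.
PAGE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]
# Constructed comparison: a static-RSA suite, which lacks forward secrecy.
STATIC_RSA = ["TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for suite, note in review(PAGE_SUITES + STATIC_RSA):
        print(suite, "->", note)
```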

------
paulschreiber
I've compiled lots of resources for moving to HTTPS:
[https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AApl...](https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit)

------
Swannie
A good start. If you want to improve it, please add information about how to
consume HTTPS services in a secure way.

Also potentially add an aside for self-signed/enterprise CA, as most web
developers will encounter internal systems sooner or later. This makes the
above (consuming services) more challenging :-)

------
angry-hacker
My addition: if you use an SNI cert, expect loads of problems. And I don't mean
browser support.

Bing won't crawl you, you have to email the support and maybe they manually
whitelist you.

A lot of RSS readers won't work, services like Pocket, Reddit submissions,
MailChimp RSS to email, etc.

It's crazy considering we want to move everything to https only.

~~~
marcosdumay
Add the Hg client to that list.

The amount of software that fails because of SNI is insane. For something that
should be done systemwide by a single library, it's also too weird.

~~~
angry-hacker
Yeah, I suspect it's because of Python 2.7.9

So many things are broken because of it. It doesn't have native SNI
capability.

------
james-skemp
You might be slow from traffic, but just in case that's not the case, the
linked article loads fine but the home page does not on a 2nd gen Nexus 7.

I see the top navigation followed by a white page, no scrollbar.

~~~
nailer
What browser are you using on the Nexus 7? We test on current Chrome (which I
imagine most Nexus 7 users are using).

------
gcb0
Beware of item 4. Android 2.3 is still prevalent in some markets.

~~~
fredrik-j
It is of course good to be aware, but legacy Android versions shouldn't be a
show stopper for modern TLS.

For general web browsing, I'd expect that both Chrome and Firefox are
installable on Android 2.3 and bundle their own TLS libraries.

Other app developers can also vendor TLS libraries, like Bouncy Castle, to
support modern encryption on legacy devices.

~~~
hsivonen
Chrome for Android 42 and older requires Android 4.0 or newer. Current
versions require 4.1 or newer. What you say about Firefox is accurate, though.

------
leni536
What should I know about cert revocation and client support for it?

