HTTP Secure

Hypertext Transfer Protocol Secure (HTTPS for short) is a communication protocol on the World Wide Web for transferring data in a way that is protected against eavesdropping.

Technically, it is defined as a URI scheme and adds an additional layer between HTTP and TCP. HTTPS was developed by Netscape and first published in 1994, together with SSL 1.0, in its browser.

Benefit

The HTTPS protocol is used for encryption and authentication of the communication between the web server and the browser (client) on the World Wide Web.

Without encryption, web data can be read as plain text by anyone who has access to the relevant network. With the spread of wireless connections, which are frequently unencrypted, for example at Wi-Fi hotspots, the importance of HTTPS increases, because it encrypts the content independently of the network. It is thus the only encryption method that is supported on any Internet-capable computer without additional software installation.

Authentication is meant to ensure that each side of the connection can verify the identity of its communication partner before communication is established, a need that also grows with the increasing number of phishing attacks.

Technology

Syntactically, HTTPS differs from HTTP in the scheme; the additional encryption of the data is done using SSL/TLS: using the SSL handshake protocol, a protected identification and authentication of the communication partners takes place first. A shared symmetric session key is then exchanged using asymmetric encryption or Diffie-Hellman key exchange. This key is finally used to encrypt the user data.

The default port for HTTPS connections is 443.

In addition to server certificates, signed client certificates can also be created according to X.509.3. This enables authentication of the client to the server, but it is rarely used.

An older version of the HTTPS protocol was S-HTTP.

Client processing

With the development of HTTPS by Netscape, the protocol and the user-side client software were integrated into the browser early on. Thus, unlike with e-mail (S/MIME or GnuPG), SSH or SFTP, the user does not need to install separate software.

An HTTPS connection is selected by an https URL and indicated by the SSL logo: in Internet Explorer 6 by a lock icon in the status bar, in Mozilla additionally in the address bar, which in Firefox, recent Opera and Internet Explorer 7 browsers is additionally highlighted in yellow. In Apple Safari 3.0 it is indicated by a small lock icon in the top right-hand corner of the browser window.

Variants of HTTPS selection

The decision whether a secure HTTPS connection is used instead of an HTTP connection can be made in different ways:

After an HTTPS address has been selected, the client browser first displays the certificate to the user, provided that it cannot be checked automatically using already accepted certificates. The user then decides, after examination if necessary, via the links offered, whether to trust the certificate for this session and, if desired, to store it permanently. Otherwise, the HTTPS connection is not established ("leave this page" in Firefox or "Click here to exit this page." in Internet Explorer).

Pre-installed certificates

To avoid this query, which may be irritating to those unfamiliar with it, browser vendors have over time accepted a set of root certificates that are entered during installation. Websites that have corresponding certificates, as well as sub-certificates derived from them, are then accepted without prompting when called up. Whether a root certificate is known to the browser depends on the version of the browser; moreover, the list of certificates is in part kept up to date online as part of system updates, as in Microsoft Windows.

With Internet Explorer 7, Microsoft tightened the warning for unregistered certificates, and Mozilla followed shortly afterwards with Firefox 3: where previously only a pop-up "Security Alert" appeared, which differentiated by name, source and validity period of the certificate, the content of the website is now hidden and a warning is displayed with the recommendation not to use the page. To see the page, the user must then explicitly "Add exception". A certificate that is not registered in the browser is thus increasingly unsuitable for mass applications.

The question of which certificates are included in browsers has occasionally led to lengthy discussions in the open-source community, for example between CAcert, a provider of free certificates, and the Mozilla Foundation; see CAcert (trustworthiness).

Server Requirements

To operate an HTTPS-enabled web server, an SSL library such as OpenSSL is required as software. It is often already included or can be installed as a module. The HTTPS service is usually provided on port 443.

Certificate

Furthermore, a digital certificate for SSL is required: a binary document that is generally issued by a certification authority (CA), which is itself certified in turn, and that uniquely identifies the server and the domain. When applying, details such as the address and the company name of the applicant are checked.

Certificates chained to the root certificates registered in browsers are typically offered at prices of US$ 39-1200 per year, occasionally including further services, seals or insurance. A number of certification authorities issue certificates free of charge. Some of the certificates issued by StartCom, for example, are accepted by almost all modern browsers without an error message. CAcert also creates free certificates, but it has so far not succeeded in being added to the list of certificates that browsers accept automatically; see above. Such a certificate must therefore be imported manually by the user during client processing; this behavior may, however, also be desirable.

It is also possible to use self-signed certificates, which are created without the involvement of a separate authority and must likewise be confirmed manually. A certificate created in this way is only secure if it was delivered to the user in a secure way before first use and imported by the user into the client application. If this secure initial delivery process is not carried out, connections using the certificate are vulnerable to a man-in-the-middle attack.

To declare outdated or insecure certificates invalid, certificate revocation lists (CRL) are provided. The concept envisages that browsers check these lists regularly and that revoked certificates are rejected immediately. The method is not implemented consistently and is of little practical use.

For attacks on the certificate system, see below.

Extended Validation Certificate

Against the background of increased phishing attacks on HTTPS-secured web applications in 2007, the CA/Browser Forum was formed in the U.S., composed of representatives of certification authorities and browser vendors such as Google, KDE, Microsoft, Mozilla and Opera. In June 2007 a first common policy was adopted, the Extended Validation Certificate (EV SSL) version 1.0, followed in April 2008 by version 1.1.

A domain operator must accept further checks for this certificate: whereas previously only the reachability of the admin had to be checked (by phone and e-mail), now the postal address of the applicant is verified and, for companies, the persons authorized to sign are checked. This also entails significantly higher costs, for example € 650 p.a.

For the user, an EV certificate is noticeable in newer browsers (from 2007, e.g. Firefox 3 and IE7) by the company name additionally displayed in white on a green background in the address bar, to the right of the site logo. From the absence of the green color that is usual for this site, the user should then be able to recognize fake HTTPS sites quickly and possibly also intuitively, i.e. without special training.

IP address

For a long time, operating an HTTPS web server required a separate IP address per host name.

With unencrypted HTTP this is not necessary: because the browser sends the host name along in the HTTP header, multiple virtual web servers, each with its own host name, can be operated on one IP address, for example in Apache via the NameVirtualHost mechanism. This method is now used for the vast majority of domains, since the domain owner does not operate a server himself.

With HTTPS, however, the web server must deliver its own certificate for each host name, but the host name is only transferred after the SSL handshake, in the higher HTTP layer, so declaring the host name in the HTTP header is not applicable here. The information must therefore already be transmitted during the SSL handshake, which has been realized since TLS 1.2 by Server Name Indication (SNI). Previously, a distinction could only be made on the basis of the IP/port combination; a port other than 443, in turn, is not accepted by many proxies.

Server Name Indication

With the newer Transport Layer Security specification 1.2, operating multiple domains under the same IP address is possible via SNI. In addition, multiple domain names can be used in one certificate by means of the SubjAltName parameter. Current browsers such as Mozilla Firefox version 2.0 or Internet Explorer version 7 (but only from Windows Vista) already support SNI.

Shared SSL

To enable HTTPS for their customers without a separate IP address, some providers use "shared SSL" or "wildcard certificates". A certificate usually refers to the entire domain, i.e. third-, second- and top-level segments, as in https://www.kunde1.com. With shared SSL, the third-level domain can be assigned per customer, e.g. https://kunde1.provider.com, while the certificate refers to *.provider.com. The provider can thus enable HTTPS for several customers with one certificate.

Another variant is to redirect to an HTTPS server shared by multiple domains, such as https://provider.com/ssl/kunde1/.
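
Which host names a shared certificate actually covers, as an added example that is not part of the original article: a Python matcher for certificate names with a left-most wildcard, applied to the host names used above. The name list stands for the names in one certificate (several names, as with SubjAltName, plus a wildcard); the rule that a wildcard needs at least two fixed labels after it is a conservative assumption made here.

```python
def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate name (possibly a '*.' wildcard) covers the host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # The wildcard stands for exactly one label, and only the left-most one.
        # Assumed conservative rule: at least two fixed labels must follow,
        # so a name such as "*.com" never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def audit(cert_names, hosts):
    """Map each host to the certificate name that covers it, or None."""
    return {host: next((n for n in cert_names if name_matches(n, host)), None)
            for host in hosts}

# Constructed sample: the provider's shared certificate and some customer hosts.
SHARED_CERT = ["provider.com", "*.provider.com"]
HOSTS = ["kunde1.provider.com", "provider.com",
         "www.kunde1.provider.com", "www.kunde1.com"]

if __name__ == "__main__":
    for host, name in audit(SHARED_CERT, HOSTS).items():
        status = "covered by " + name if name else "needs its own certificate"
        print(f"{host:26} {status}")
```

The wildcard covers one label only, so www.kunde1.provider.com and the customer's own domain www.kunde1.com are not served by the shared certificate.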

Integration

Integrating HTTPS into a website or application is analogous to the above variants of HTTPS selection:

  • If only HTTPS is allowed, this can be implemented by: forwarding (HTML refresh) or a rewrite of the URL
  • Configuring HTML pages or scripts as SSL-required, in Apache for example with the SSLRequireSSL statement in the .htaccess. If such a page is called via HTTP, the server generates a '403 - Forbidden' HTTP error code.
  • In some cases the link is also omitted, and the user can use HTTPS by typing an "s" after "http" in the URL himself.

Performance

Encryption on the server side is computationally expensive and often burdens the server CPUs more than generating the HTML code from a scripting language does. For this reason too, HTTPS has been enforced only on a small proportion of sites, where it makes sense from a data protection perspective.

The list of encryption algorithms supported by the server is configured on the server side. The client then selects the first algorithm it supports from the list. To save computing time, stream ciphers such as RC4 (up to 128 bits) are preferred on servers with high traffic, since they are less computationally intensive than block ciphers such as AES or Camellia (up to 256 bits). Some 40-bit key algorithms that were still in use initially cause even less computational load, but are no longer considered secure and are therefore no longer used today.

To relieve the server CPU, hardware SSL accelerators are also offered: PCI cards with specially optimized processors that are addressed from the SSL library. There are also stand-alone devices, usually in rack design, that automatically encrypt parts of the HTTP data stream. Furthermore, servers are offered with programmable processing units that achieve higher performance with corresponding SSL libraries than comparably expensive general-purpose CPUs, such as the MAU (Modular Arithmetic Unit) from Sun.

This special hardware, however, is in close competition with the steady development of multi-processor and multi-core systems by the major CPU manufacturers Intel and AMD.

Attacks and vulnerabilities

With the general increase in knowledge about HTTPS technology, attacks on SSL-secured connections have also become more frequent. In addition, gaps in implementations have become known through investigation and research. A basic distinction is made here between vulnerabilities in the encryption itself and in the certificate system.

On September 5, 2013, in connection with the global surveillance and espionage affair, it became known that the NSA had gained access via both attack channels through a program system called Bullrun.

Encryption

The encryption methods used in SSL are reviewed regularly, regardless of their intended use, and are considered mathematically secure, that is, they cannot theoretically be broken with currently known techniques. The reliability of the algorithms is reviewed regularly, for example through competitions among cryptographers.

In May 2008, however, an error in the OpenSSL library of the Debian Linux distribution and derivatives such as Ubuntu became known that had existed since September 2006. The error meant that keys generated with such an OpenSSL lay in a much smaller range, could be broken with reasonable effort, and that the data could, if necessary, also be decrypted later. Server operators then not only had to check their SSL software but possibly also track down and renew keys created with it over the course of two years.

Subsequently, options were developed for the user side: browser plug-ins that on the one hand flag "weak" certificates and on the other hand perform extended checks on the browser side; for example, the "Perspectives" plug-in queried several "notaries" as to which certificate they saw for the same site.

The incident also led to criticism of the processes at Debian and of the open-source development model as a whole, for example at heise.de: "The apparent lack of effective quality assurance mechanisms for the maintenance of safety-critical software packages (...) will not make it any easier for proponents of open-source software to use it in a professional environment."

Certificate system

SSL connections are always vulnerable to man-in-the-middle attacks, in which the attacker intercepts the traffic between client and server, for example by posing as an intermediary. A number of attack methods require that the attacker is on the victim's network. With DNS spoofing, in turn, these conditions do not apply.

To pose as the (other) server, the attacker must present a certificate. This is possible, for example, if the attacker manages to penetrate the system of a certification authority or otherwise comes into possession of a certificate with which arbitrary other certificates can be issued. Especially for influential attackers such as government agencies, such possibilities may exist, since some CAs are state-run.

Phishing and HTTPS

A disadvantage of the automatic confirmation of certificates is that the user no longer consciously perceives an HTTPS connection. This has recently been exploited in phishing attacks that imitate, for example, online banking applications and feign a secure connection to the user in order to "phish" entered PIN/TAN codes. In response, affected companies advised their customers not to click on any links in e-mails and to enter https URLs only manually or via a bookmark.

Because of the sometimes superficial checks when issuing certificates, the browser manufacturers introduced the extended validation certificate; see above.

Warnings for mixed content

In the context of increasingly sophisticated phishing attacks, another problem was identified: the switch from an HTTPS-encrypted page to an unencrypted one, as well as the loading of unencrypted content by a page transmitted via HTTPS. While it may be quite reasonable on the operator's part, for performance reasons, to deliver only individual elements of a page over HTTPS, it also represents a possible security hole; popular browsers therefore display a warning in such cases. So that these warnings do not annoy in the long run, they can generally be switched off directly via a checkbox, which however also eliminates the warning effect during actual attacks.
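
A check a site operator can run before the browser has to warn, as an added example that is not part of the original article: a Python scanner that lists every element of an HTTPS page that loads from, or leads to, a plain http:// address. The sample page and its host names are constructed, and the split into active, passive and navigation findings is an assumption made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (attribute holding the URL, kind of finding)
WATCHED = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "img": ("src", "passive"),
    "audio": ("src", "passive"), "video": ("src", "passive"),
    "a": ("href", "navigation"), "form": ("action", "navigation"),
}

class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, absolute URL) for every http:// reference."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        attr, kind = WATCHED[tag]
        attrs = dict(attrs)
        value = attrs.get(attr)
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                      # only stylesheets are loaded as subresources
        # Relative and protocol-relative URLs inherit the page's https scheme.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((kind, tag, target))

def scan(page_url, html):
    """Return the unencrypted references of a page that was delivered via HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []                       # mixed content only exists on HTTPS pages
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page.
SAMPLE = """<html><head>
<script src="http://cdn.example/lib.js"></script>
<link rel="stylesheet" href="/site.css">
</head><body>
<img src="http://img.example/logo.png">
<img src="//img.example/ok.png">
<form action="http://shop.example/pay"><input name="pin"></form>
<a href="https://shop.example/help">help</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan("https://shop.example/cart", SAMPLE):
        print(*finding)
```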

HSTS

As a measure against so-called man-in-the-middle attacks, HTTP Strict Transport Security, HSTS for short, was first proposed in September 2009. In November 2012 HSTS was published as RFC 6797. The service set up by the operator sends the specific HTTP response header "Strict-Transport-Security" and, among other things, a period for which the other side, when communicating again after the end of a session, is recognized and encryption is enforced.

A browser designed for it (as of August 2010: Firefox (version 4, beta), the NoScript extension and Chrome (release 4.0.211)) then processes this session only in encrypted form for the specified time. This also includes automatically converting HTTP addresses to HTTPS addresses, and displaying an error message and aborting the connection if the encrypted transfer produces any error message.

A prerequisite is, of course, that the original request (initial request) was successfully established with the (original) HTTPS server.
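
The browser-side behavior described in this section, as an added example that is not part of the original article: a small Python model of an HSTS store that accepts the header only from HTTPS responses, remembers the host for the stated period and rewrites later http:// requests. The class and method names are hypothetical; the injectable clock exists only so that expiry can be shown without waiting.

```python
import re
import time
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Model of a browser's HSTS list: host -> (expiry time, includeSubDomains)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.hosts = {}

    def note_response(self, url, headers):
        """Record the policy of a response; returns True if the header was accepted."""
        parts = urlsplit(url)
        value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        if parts.scheme != "https" or not parts.hostname or value is None:
            return False                 # a header received over plain HTTP is ignored
        directives = {}
        for item in value.split(";"):
            name, _, arg = item.strip().partition("=")
            if name:
                directives[name.strip().lower()] = arg.strip().strip('"')
        if not re.fullmatch(r"\d+", directives.get("max-age", "")):
            return False                 # max-age (the period in seconds) is mandatory
        max_age = int(directives["max-age"])
        host = parts.hostname.lower()
        if max_age == 0:
            self.hosts.pop(host, None)   # max-age=0 withdraws the policy
        else:
            self.hosts[host] = (self.clock() + max_age, "includesubdomains" in directives)
        return True

    def is_known(self, host):
        """True if the host, or a parent with includeSubDomains, has a live entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > self.clock() and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url):
        """Return the URL that is actually requested for a link or typed address."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_known(parts.hostname):
            port = f":{parts.port}" if parts.port not in (None, 80) else ""
            return urlunsplit(("https", parts.hostname + port,
                               parts.path, parts.query, parts.fragment))
        return url

if __name__ == "__main__":
    store = HstsStore()
    store.note_response("https://bank.example/", {"Strict-Transport-Security": "max-age=600"})
    print(store.rewrite("http://bank.example/login"))
```

Until the first successful HTTPS response has been seen, `rewrite` leaves http:// URLs unchanged, which is the prerequisite stated above.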

Attacks on the certificate system

In principle, HTTPS connections with pre-installed certificates do not provide absolute security.

At the 25th Chaos Communication Congress in Berlin in December 2008, a successful attack on the SSL certificate system was published. In an international cooperation of cryptographers, and with the use of specially programmed hardware (a cluster of 200 PlayStation 3 game consoles), a collision in the MD5 algorithm was produced, on the basis of which an attacker could issue arbitrary certificates himself. Experts had already advised against the use of the MD5 algorithm beforehand; it cannot be used with EV certificates anyway.

On the occasion of this publication, the recently sharpened separation between certificates registered in the browser and unknown certificates (see above) was also viewed critically among experts.

Specifications

  • RFC 2818 - HTTP over TLS (English)