How safe is it to leave an open SSL port on the public internet?


How safe is it to leave an open SSL port on the public internet?

asdf asdf
Hello,

I have been looking on CVE at security vulnerabilities for Erlang here: https://www.cvedetails.com/vulnerability-list/vendor_id-9446/Erlang.html to assess the risks posed to Erlang servers.


Based on the information on these sites, it seems that Erlang’s OTP 19+ is very “secure” and isn’t vulnerable to any buffer overflow/stack smashing/heap smashing attacks. Would you feel comfortable leaving an open SSL port using no peer certificates on the public internet?

For example, using a gen_server, do you think it is possible to handle all calls/casts/info’s properly without posing a risk to your system? Is there anything you would do special when your system was open to the public internet?


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: How safe is it to leave an open SSL port on the public internet?

Max Lapshin-2
yes, it is reliable.

there are some performance issues, but they are complicated. feel free to do it



Re: How safe is it to leave an open SSL port on the public internet?

asdf asdf
Can you elaborate? What performance issues do I need to work around?

And when you say reliable, you mean there aren’t any attacks that I should be concerned with?

Thanks for the help!

Re: How safe is it to leave an open SSL port on the public internet?

Max Lapshin-2
take a look at session cache issues




Re: How safe is it to leave an open SSL port on the public internet?

asdf asdf
So that has to do with load, which is fine because this particular instance should be light load - I am speaking more towards security. If someone connects, are there attacks they can do with access to an Erlang controlled socket?


Re: How safe is it to leave an open SSL port on the public internet?

Danil Zagoskin-2
Why ask?
Deploy your server and use a security analysis tool like https://www.ssllabs.com/ssltest/index.html

We get an A rating (which means there are no known vulnerabilities) by disabling SSLv3 and some weak cipher suites (the tool above will tell you what to disable).

On Tue, Aug 29, 2017 at 10:15 PM, code wiget <[hidden email]> wrote:
So that has to do with load, which is fine because this particular instance should be light load - I am speaking more towards security. If someone connects, are there attacks they can do with access to an Erlang controlled socket?




--
Danil Zagoskin | [hidden email]


Re: How safe is it to leave an open SSL port on the public internet?

Fred Hebert-2
In reply to this post by asdf asdf
On 08/29, code wiget wrote:
>So that has to do with load, which is fine because this particular instance should be light load - I am speaking more towards security. If someone connects, are there attacks they can do with access to an Erlang controlled socket?
>

Aside from the cache issues Max has mentioned, there's a few
configuration values you might want by default:

    [{ciphers, CipherList},      % see below
     {honor_cipher_order, true}, % pick the server-defined order of ciphers
     {secure_renegotiate, true}, % prevent renegotiation hijacks
     {client_renegotiation, false}, % prevent clients DoSing w/ renegs
     {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
     {reuse_sessions, false},    % drop session cache for perf
     {ecc, EllipticCurves}       % see below
    ].

A safe CipherList can be those enumerated in
https://github.com/heroku/snit/blob/master/src/snit.app.src#L45-L83 for
example, though the format in that config is meant to contain both the
OpenSSL-readable format and the Erlang-accepted one.

The order of elliptic curves I like is the one at
https://github.com/heroku/snit/blob/master/src/snit.app.src#L116-L121 --
it is not the strongest, but aligns with what AWS ELBs prefer (secp256r1
first) which gives a decent compromise between performance and safety.  
Stronger curves at 512b roughly double the time a handshake takes, but
if you prefer the safety to the perf, reorder them to be first.

Furthermore, the following values can go in your sys.config file to
further modify the SSL behaviour:

    {ssl, [
      {bypass_pem_cache, true},     % bypass PEM cache (see below)
      {session_cb, ssl_cache_null}, % see below
      {session_cb_init_args, []}    % (cont)
    ]}

The PEM cache is a cache used whenever you have disk-based certificates.  
In cases where you use in-memory certificates, it can act as a
bottleneck. See
https://blog.heroku.com/how-we-sped-up-sni-tls-handshakes-by-5x for my
writeup on the topic.

The last one about the session callback is a further cache that you may
disable if you hit performance issues. It uses the callback at
http://erlang.org/doc/man/ssl_session_cache_api.html to configure how to
store session data. A gotcha is that this table still sees some use even
if you disable the session cache (or at least it did last time I
looked). As such, you can provide an empty module like the following one
to fully bypass it:

    -module(ssl_cache_null).
    -behaviour(ssl_session_cache_api).

    -export([init/1, terminate/1, lookup/2, update/3, delete/2,
            foldl/3, select_session/2, size/1]).

    init(_) -> disabled.
    terminate(_) -> disabled.
    lookup(_,_) -> undefined.
    update(_,_,_) -> disabled.
    delete(_,_) -> disabled.
    foldl(_,Acc,_) -> Acc.
    select_session(_,_) -> [].
    size(_) -> 0.

With this module part of your project along with the config above, you
should get quite decent performance with it. Back in the days I was at
heroku, we went close to what Amazon ELBs could do in terms of
performance. Maybe a few milliseconds slower on average, but nearly an
order of magnitude faster on 99th percentiles.

Re: How safe is it to leave an open SSL port on the public internet?

Fred Hebert-2
On 08/29, Fred Hebert wrote:

>Aside from the cache issues Max has mentioned, there's a few
>configuration values you might want by default:
>
>   [{ciphers, CipherList},      % see below
>    {honor_cipher_order, true}, % pick the server-defined order of ciphers
>    {secure_renegotiate, true}, % prevent renegotiation hijacks
>    {client_renegotiation, false}, % prevent clients DoSing w/ renegs
>    {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
>    {reuse_sessions, false},    % drop session cache for perf
>    {ecc, EllipticCurves}       % see below
>   ].
>

Forgot to add {honor_ecc_order, true} to that list if you use the ecc
option!
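
The option list from the two posts above, turned into a check that can run in a test suite or at boot, as an added example that is not part of the original messages. The module name `tls_opts_audit` and the finding tuples are hypothetical; the curve list is accepted under `ecc` as written in the posts and under `eccs`, the name used in OTP's ssl documentation.

```erlang
%% Added example, not code from the thread. Module and finding names are
%% hypothetical; option names are those discussed in the posts.
-module(tls_opts_audit).
-export([audit/1, demo/0]).

%% Returns [] when the listener options carry the security settings
%% recommended above, otherwise a list of findings. reuse_sessions is
%% not checked because the post gives it as a performance setting.
audit(Opts) ->
    Wanted = [{honor_cipher_order, true},     % server picks the cipher
              {secure_renegotiate, true},     % no renegotiation hijack
              {client_renegotiation, false}], % no client-driven reneg DoS
    [{set, K, V} || {K, V} <- Wanted, proplists:get_value(K, Opts) =/= V]
        ++ versions(Opts) ++ ciphers(Opts) ++ curves(Opts).

%% SSLv3 is disabled per the thread; TLS 1.0 is left out of the
%% recommended list unless it is required.
versions(Opts) ->
    case proplists:get_value(versions, Opts) of
        undefined -> [{unset, versions}];
        Vs -> [{legacy_version, V} || V <- Vs, lists:member(V, [sslv3, tlsv1])]
    end.

%% An explicit cipher list is expected; the default set is not audited.
ciphers(Opts) ->
    case proplists:get_value(ciphers, Opts, []) of
        [] -> [{unset, ciphers}];
        _  -> []
    end.

%% A curve list needs honor_ecc_order for the server's order to apply.
curves(Opts) ->
    HasCurves = lists:any(fun(K) -> proplists:is_defined(K, Opts) end,
                          [ecc, eccs]),
    case HasCurves andalso
         not proplists:get_value(honor_ecc_order, Opts, false) of
        true  -> [{set, honor_ecc_order, true}];
        false -> []
    end.

%% Constructed sample inputs: one weak option list, one hardened.
demo() ->
    Weak = [{versions, [sslv3, tlsv1, 'tlsv1.2']}, {eccs, [secp256r1]}],
    Hard = [{ciphers, ["ECDHE-RSA-AES128-GCM-SHA256"]},
            {honor_cipher_order, true}, {secure_renegotiate, true},
            {client_renegotiation, false},
            {versions, ['tlsv1.2', 'tlsv1.1']},
            {eccs, [secp256r1, secp384r1]}, {honor_ecc_order, true}],
    {audit(Weak), audit(Hard)}.
```

Calling `tls_opts_audit:demo()` returns the findings for the weak list next to an empty list for the hardened one.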

Re: How safe is it to leave an open SSL port on the public internet?

asdf asdf
Fred,

This is exactly what I needed, thank you. This will serve as a great reference manual.


> On Aug 29, 2017, at 6:23 PM, Fred Hebert <[hidden email]> wrote:
>
> On 08/29, Fred Hebert wrote:
>> Aside from the cache issues Max has mentioned, there's a few configuration values you might want by default:
>>
>>  [{ciphers, CipherList},      % see below
>>   {honor_cipher_order, true}, % pick the server-defined order of ciphers
>>   {secure_renegotiate, true}, % prevent renegotiation hijacks
>>   {client_renegotiation, false}, % prevent clients DoSing w/ renegs
>>   {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
>>   {reuse_sessions, false},    % drop session cache for perf
>>   {ecc, EllipticCurves}       % see below
>>  ].
>>
>
> Forgot to add {honor_ecc_order, true} to that list if you use the ecc option!


Re: How safe is it to leave an open SSL port on the public internet?

asdf asdf
In reply to this post by Fred Hebert-2
Also, Fred, I re-read your post and wanted to either start a quick discussion/warn you about elliptic curves. According to the NSA: "the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be.”

The NSA has deprecated ECC, whether or not that means that some foreign actor has a crack or if they are that worried about quantum computing is to be seen, but for now it seems like we should be moving away from ECC. 


Re: How safe is it to leave an open SSL port on the public internet?

Technion

Hi,


Since this is a discussion around SSL, your choices are down to what is a part of the TLS spec. Those choices are precisely between RSA, and ECC. In the upcoming TLS1.3, RSA has been dropped.


GPG only just introduced ECC support. The highly trusted libsodium uses ECC. A well respected "best practices" guide places ECC in the recommended section:


There are valid concerns around the future impact of quantum computing here, but it's currently the best option. It's certainly not true to say "the NSA has deprecated ECC", several current NIST standards recommend ECC moving forward. The only real debate is supporting the dubious NIST curves, or the alternate 25519 we've seen in TLS 1.3.

I wouldn't suggest for current, practical discussions there needs to be a warning against ECC.



From: [hidden email] <[hidden email]> on behalf of code wiget <[hidden email]>
Sent: Thursday, 31 August 2017 4:03 AM
To: Fred Hebert
Cc: Erlang-Questions Questions
Subject: Re: [erlang-questions] How safe is it to leave an open SSL port on the public internet?
 
Also, Fred, I re-read your post and wanted to either start a quick discussion/warn you about elliptic curves. According to the NSA: "the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be.”

The NSA has deprecated ECC, whether or not that means that some foreign actor has a crack or if they are that worried about quantum computing is to be seen, but for now it seems like we should be moving away from ECC. 


Re: How safe is it to leave an open SSL port on the public internet?

Loïc Hoguin-3
In reply to this post by asdf asdf
On 08/30/2017 08:03 PM, code wiget wrote:

> Also, Fred, I re-read your post and wanted to either start a quick
> discussion/warn you about elliptic curves. According to the NSA: "the
> growth of elliptic curve use has bumped up against the fact of continued
> progress in the research on quantum computing, which has made it clear
> that *elliptic curve cryptography is not the long term solution many
> once hoped it would be.*”
>
> The NSA has deprecated ECC, whether or not that means that some foreign
> actor has a crack or if they are that worried about quantum computing is
> to be seen, but for now it seems like we should be moving away from ECC.

Surely the NSA's bigger concern is that they can't crack it today,
rather than it being too weak in the future.

--
Loïc Hoguin
https://ninenines.eu

Re: How safe is it to leave an open SSL port on the public internet?

zxq9-2
On 2017-09-01 Friday 14:57:04 Loïc Hoguin wrote:

> On 08/30/2017 08:03 PM, code wiget wrote:
> > Also, Fred, I re-read your post and wanted to either start a quick
> > discussion/warn you about elliptic curves. According to the NSA: "the
> > growth of elliptic curve use has bumped up against the fact of continued
> > progress in the research on quantum computing, which has made it clear
> > that *elliptic curve cryptography is not the long term solution many
> > once hoped it would be.*”
> >
> > The NSA has deprecated ECC, whether or not that means that some foreign
> > actor has a crack or if they are that worried about quantum computing is
> > to be seen, but for now it seems like we should be moving away from ECC.
>
> Surely the NSA's bigger concern is that they can't crack it today,
> rather than it being too weak in the future.

The NSA's biggest concern is that once they realize they have a lead on cracking something there is an instant (and very well founded) fear reaction that someone else must have already achieved this, but never announced it. That is the #1 priority of the NSA in every fiber of its being.

Secondarily, they have to keep trying to crack things, but for practical operational purposes HUMINT trumps SIGINT in almost every way, every day, and they aren't blind to this. Cracks are only a small part of the NSA's game; the vast majority of what they collect is given to them willfully, one way or another.

-Craig

Re: How safe is it to leave an open SSL port on the public internet?

Loïc Hoguin-3
On 09/01/2017 03:03 PM, zxq9 wrote:

> On 2017-09-01 Friday 14:57:04 Loïc Hoguin wrote:
>> On 08/30/2017 08:03 PM, code wiget wrote:
>>> Also, Fred, I re-read your post and wanted to either start a quick
>>> discussion/warn you about elliptic curves. According to the NSA: "the
>>> growth of elliptic curve use has bumped up against the fact of continued
>>> progress in the research on quantum computing, which has made it clear
>>> that *elliptic curve cryptography is not the long term solution many
>>> once hoped it would be.*”
>>>
>>> The NSA has deprecated ECC, whether or not that means that some foreign
>>> actor has a crack or if they are that worried about quantum computing is
>>> to be seen, but for now it seems like we should be moving away from ECC.
>>
>> Surely the NSA's bigger concern is that they can't crack it today,
>> rather than it being too weak in the future.
>
> The NSA's biggest concern is that once they realize they have a lead on cracking something there is an instant (and very well founded) fear reaction that someone else must have already achieved this, but never announced it. That is the #1 priority of the NSA in every fiber of its being.

In a post-Snowden world it should be obvious that this is not always the
case. Anyway I just wanted to provide some healthy skepticism.

--
Loïc Hoguin
https://ninenines.eu