Network Working Group                                    W. Hoehlhubmer
Internet-Draft                                             Nov 17, 2013
Category: Best Current Practice
Intended status: Standards Track
Expires: May 18, 2014

    Informational Add-on for HTTP over the Secure Sockets Layer (SSL)
       Protocol and/or the Transport Layer Security (TLS) Protocol
                     draft-hoehlhubmer-https-upd-12

Abstract

   This document describes an Add-on for websites providing encrypted
   connectivity (HTTP over TLS). The Add-on has two parts: one for the
   Domain Name System (DNS), which stores the hashes of the X.509
   certificates, and one for the webserver itself, an additional
   webpage providing specific information about the current session.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 18, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Hoehlhubmer               Expires May 18, 2014                  [Page 1]
Internet-Draft   Informational Add-on for HTTP over SSL/TLS     Nov 2013
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Notation
   2.  Implementing this Add-on
     2.1.  Implementing the DNS part
       2.1.1.  Calculating the Hashes
         2.1.1.1.  Calculating the Packed form
       2.1.2.  Arbitrary String Attribute Syntax
       2.1.3.  DNS-entry Namespace
     2.2.  Implementing the HTTP part
       2.2.1.  Webpage Content
       2.2.2.  Formatting and Presenting the webpage
   3.  Verification Procedure for the DNS part
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgements
   7.  Recommendations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   9.  Discussions
   A.  Example certificates
     A.1.  The DER-encoded CA certificate
       A.1.1.  The CA's public key
     A.2.  The DER-encoded SSL certificate
   B.  Script Examples for the Add-on webpage
     B.1.  PHP-script
     B.2.  CGI-script: A BASH shell script
     B.3.  CGI-script: A compiled C program
   C.  Sample Content of the Add-on webpage
     C.1.  A complete sample content
       C.1.1.  ..., the client certificate part
     C.2.  Picking another cipher suite
       C.2.1.  ..., and one more
   Author's Address

1.  Introduction

   HTTP over TLS [HTTPTLS] is not limited to, e.g., electronic banking
   sites. E-commerce sites also use this technology for encrypted
   communication between their clients (users) and themselves.

   A list of a few encryption algorithms:

   (1)  Advanced Encryption Standard (AES)
   (2)  Data Encryption Standard (DES, 3DES)
   (3)  Ron's Code 4 (RC4)
   (4)  ...

   As an example, a list of some variants of the Camellia encryption
   algorithm [CAMELLIA] (names taken from the OpenSSL help [OPENSSL]):

   (1)  CAMELLIA-128-CBC: 128-bit Camellia encryption in CBC mode
   (2)  CAMELLIA-128-ECB: 128-bit Camellia encryption in ECB mode
   (3)  CAMELLIA-192-CBC: 192-bit Camellia encryption in CBC mode
   (4)  CAMELLIA-192-ECB: 192-bit Camellia encryption in ECB mode
   (5)  CAMELLIA-256-CBC: 256-bit Camellia encryption in CBC mode
   (6)  CAMELLIA-256-ECB: 256-bit Camellia encryption in ECB mode
   (7)  ...
   A list of possible secure layers used:

   (1)  The Secure Sockets Layer (SSL) Protocol:
        (1a)  Version 2.0 [SSLv2]
        (1b)  Version 3.0 [SSLv3]
   (2)  The Transport Layer Security (TLS) Protocol:
        (2a)  Version 1.0 [TLSv1.0]
        (2b)  Version 1.1 [TLSv1.1]
        (2c)  Version 1.2 [TLSv1.2]

   A list of possible cipher suites for Transport Layer Security (TLS):

   (1)  Pre-Shared Key Cipher Suites [RFC4279]
   (2)  Elliptic Curve Cryptography (ECC) Cipher Suites [RFC4492]
   (3)  Pre-Shared Key Cipher Suites with NULL Encryption [RFC4785]
   (4)  AES Galois Counter Mode (GCM) Cipher Suites [RFC5288]
   (5)  DES and IDEA Cipher Suites [RFC5469]
   (6)  ECDHE_PSK Cipher Suites [RFC5489]
   (7)  Camellia Cipher Suites [RFC5932]
   (8)  ...

   A list of possible hashing algorithms:

   (1)  the [MD2] Message-Digest Algorithm (historic, see [RFC6149])
   (2)  the [MD4] Message-Digest Algorithm (historic, see [RFC6150])
   (3)  the [MD5] Message-Digest Algorithm, commonly used in the past
   (4)  the US Secure Hash Algorithm 1 [SHA1]
   (5)  more US Secure Hash Algorithms [RFC6234]
   (6)  ...

   Only the X.509 certificates [PKIX] are static; all other information
   depends on the capabilities of the web browser in use. Not every
   browser lets you view all of this information, especially the
   cipher suite the browser has picked for the session. With most
   browsers you can view the X.509 certificates of the current session,
   but you have no direct way of comparing them with the ones the server
   actually deployed.

   It is good practice to show this information on the website. The
   X.509 certificates shown by the browser and those shown on this
   Add-on webpage MUST match; in other words: if they do not match,
   either the connection is being intercepted (a man-in-the-middle
   attack) or the server is misconfigured, and in both cases the user
   should not trust the session. Note that an attacker who can
   intercept the TLS session can also rewrite the Add-on webpage, which
   travels over that same session; the DNS part described next is what
   gives a client a reference that does not depend on the connection.
   To give the browser, a plug-in, or a stand-alone program the ability
   to verify that the X.509 certificates are the correct ones, the
   fingerprint and/or hash of the X.509 certificates is stored in the
   Domain Name System (DNS) [DNS-1,DNS-2] as an arbitrary string
   attribute as specified in [RFC1464].

1.1.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Implementing this Add-on

   This Add-on has two parts. Section 2.1 describes the implementation
   of the necessary entries in the Domain Name System (DNS). Section
   2.2 describes the implementation of the additional webpage.

2.1.  Implementing the DNS part

2.1.1.  Calculating the Hashes

   For calculating the hashes use either [SHA1] or SHA-224, SHA-256,
   SHA-384, or SHA-512 as specified in [RFC6234]. Take each X.509
   certificate of the whole chain and calculate the hash of the
   DER-encoded certificate.

   The example certificates of Appendix A give these SHA-224 hashes in
   hex:

   CA:  00fcc1bb4d09a392f5729a0c1e1ed4247db6b21da1fca9bf6d218db4
   SSL: eacbdc6c27cba4ecc87b4e953b56c6987d87430b682b1f13031b04de

   and these SHA-512 hashes in hex:

   CA:  6744023893a9a046e713b5615bcf1a267a41da13712f4eb964e496754bd94310
        5a5a3a8b9b071dea25f90fa7aa9c877dcc2ec81a7c97b640b30dd35083252078
   SSL: df0dee228b19aa1eac6d2227d11cb243562058db5a4041b208ed77028699874
        7ed7ba08026791961d338cb2063f3485ec9fe07d5631a8a1b1da34025cb8962f5

   Concatenate the binary form of the calculated hashes in the correct
   order, beginning at the root. Generate the Base64 encoding [RFC4648]
   of the concatenated hashes.
   This example gives the following Base64 from the concatenated SHA-224
   hashes:

   APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0ML
   aCsfEwMbBN4=

   and from the SHA-512 hashes:

   Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9
   zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH
   7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=

   Due to the size limitations specified in [DNS-2] Section 2.3.4 (a
   single <character-string> holds at most 255 octets) and the syntax
   specified in Section 2.1.2 below, this Base64 encoded hash MUST NOT
   be longer than 214 octets.

   The packed form of calculation explained in Section 2.1.1.1 is
   needed as soon as the Base64 encoding of the concatenated hashes
   would exceed that limit. The Base64 encoding of n digests of d
   octets each is 4*ceil(n*d/3) octets, padding included, which gives
   the following table:

   +-----------+--------------+
   | Hashing   | X.509        |
   | algorithm | certificates |
   +-----------+--------------+
   | SHA-1     | 8 or more    |
   +-----------+--------------+
   | SHA-224   | 6 or more    |
   +-----------+--------------+
   | SHA-256   | 5 or more    |
   +-----------+--------------+
   | SHA-384   | 4 or more    |
   +-----------+--------------+
   | SHA-512   | 3 or more    |
   +-----------+--------------+

2.1.1.1.  Calculating the Packed form

   The calculation is the same, except that the binary form of the
   concatenated hashes is hashed again using the SHA-512 algorithm.
   Generate the Base64 encoding of this SHA-512 hash.

   The example from the previous Section 2.1.1 has only two X.509
   certificates. There would be no need to pack it by hashing again.
   The Base64 encoding of this packed SHA-512 hash is the following:

   4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4
   Ftl5nFcsta9rwMvsaQx/wg==

2.1.2.  Arbitrary String Attribute Syntax

   The syntax for a complete arbitrary string attribute, using the ABNF
   notation and core rules of [RFC5234], is:

   attribute    = DQUOTE attr-algo *SP attr-count *SP attr-hashes *SP
                  attr-packed DQUOTE

   attr-algo    = "algo=" hash-algo ";"
   attr-count   = "count=" cert-count ";"
   attr-hashes  = "hashes=" cert-hashes ";"
   attr-packed  = "packed=" packed-form ";"

   hash-algo    = "sha1" / "sha224" / "sha256" / "sha384" / "sha512"
                  ; possible hashing algorithms; ABNF string literals
                  ; are case-insensitive, so "SHA224" is valid too

   cert-count   = 1DIGIT
                  ; number of X.509 certificates of the whole
                  ; certificate chain

   cert-hashes  = base64string
                  ; base64 encoding of the certificate hashes

   packed-form  = 1BIT
                  ; "0" non-packed base64 encoded hashes,
                  ; "1" packed base64 encoded hashes

   base64string = 1*(ALPHA / DIGIT / "+" / "/") [ "=" [ "=" ] ]

   The example from Section 2.1.1 gives these:

   "algo=SHA224; count=2; hashes=APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSG
   NtOrL3Gwny6TsyHtOlTtWxph9h0MLaCsfEwMbBN4=; packed=0;"

   "algo=SHA512; count=2; hashes=Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOS
   WdUvZQxBaWjqLmwcd6iX5D6eqnId9zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0i
   J9EcskNWIFjbWkBBsgjtdwKGmYdH7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJ
   cuJYvU=; packed=0;"

   "algo=SHA512; count=2; hashes=4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJD
   WyeKYk3RmUwS+nkuCXYXR6ED4iGy4Ftl5nFcsta9rwMvsaQx/wg==; packed=1;"

   All three are valid. Using the non-packed form SHOULD be preferred,
   because it lets a verifier compare the hash of each certificate of
   the chain individually.

2.1.3.  DNS-entry Namespace

   For this Add-on a subdomain named "_sslcert" is used.

   INFORMATIVE OPERATIONAL NOTE: Wildcard DNS records (e.g.,
   *._sslcert.example.com) are only used together with wildcard X.509
   certificates. Note also that wildcards within domains (e.g.,
   s._sslcert.*.example.com) are not supported by the DNS.
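   The following Python program is an added example; it is not part of
   this draft and not the author's implementation. It carries out the
   procedure of Sections 2.1.1 and 2.1.1.1 (digest each certificate,
   concatenate root first, pack with SHA-512 only when the Base64 would
   exceed the 214-octet limit), emits the attribute of Section 2.1.2
   and the owner name of Section 2.1.3, and performs the comparison a
   verifier needs for Section 3. The "certificates" are constructed
   byte strings standing in for DER-encoded certificates, and the
   owner-name rule (first label of the host placed under _sslcert of
   the remaining labels) is read off the www.example.com example and is
   an assumption.

```python
import base64
import hashlib
import hmac
import math
import re

# Limit on the Base64 field from Section 2.1.1 (derived from the 255-octet
# <character-string> of RFC 1035 Section 2.3.4 and the attribute syntax).
MAX_BASE64_OCTETS = 214

# algorithm names as written in the draft's examples -> hashlib names
ALGORITHMS = {"SHA1": "sha1", "SHA224": "sha224", "SHA256": "sha256",
              "SHA384": "sha384", "SHA512": "sha512"}


def base64_length(octets):
    """Length of the RFC 4648 Base64 encoding of `octets` bytes, padding included."""
    return 4 * math.ceil(octets / 3)


def needs_packing(algo, cert_count):
    """True when the non-packed Base64 of cert_count digests would exceed the
    limit, i.e. when the packed form of Section 2.1.1.1 has to be used."""
    digest_size = hashlib.new(ALGORITHMS[algo]).digest_size
    return base64_length(cert_count * digest_size) > MAX_BASE64_OCTETS


def chain_digest(chain_der, algo):
    """Concatenated digests of the DER certificates, root first (Section 2.1.1)."""
    name = ALGORITHMS[algo]
    return b"".join(hashlib.new(name, cert).digest() for cert in chain_der)


def build_attribute(chain_der, algo):
    """The arbitrary string attribute of Section 2.1.2 (without the surrounding
    DQUOTEs), packed only when it would otherwise be too long for one TXT string."""
    if not 1 <= len(chain_der) <= 9:
        raise ValueError("cert-count is a single digit in the ABNF")
    raw = chain_digest(chain_der, algo)
    packed = needs_packing(algo, len(chain_der))
    if packed:
        raw = hashlib.sha512(raw).digest()          # Section 2.1.1.1
    b64 = base64.b64encode(raw).decode("ascii")
    return f"algo={algo}; count={len(chain_der)}; hashes={b64}; packed={int(packed)};"


def sslcert_owner(hostname):
    """Owner name of the TXT record for hostname (Section 2.1.3). Assumption taken
    from the draft's example: the host's first label goes under the _sslcert
    subdomain of the remaining labels (www.example.com -> www._sslcert.example.com.)."""
    first, _, rest = hostname.rstrip(".").partition(".")
    return f"{first}._sslcert.{rest}."


# one attribute; "*SP" in the ABNF allows any number of spaces between fields
_ATTR_RE = re.compile(
    r"^algo=(?P<algo>[A-Za-z0-9]+); *count=(?P<count>[0-9]); *"
    r"hashes=(?P<hashes>[A-Za-z0-9+/]+={0,2}); *packed=(?P<packed>[01]);$")


def parse_attribute(text):
    """Parse one TXT attribute. ABNF literals are case-insensitive, so both
    'sha224' and 'SHA224' are accepted; the DQUOTEs of the zone file may be present."""
    m = _ATTR_RE.match(text.strip().strip('"'))
    if not m or m["algo"].upper() not in ALGORITHMS:
        raise ValueError("malformed _sslcert attribute: %r" % text)
    return {"algo": m["algo"].upper(), "count": int(m["count"]),
            "hashes": base64.b64decode(m["hashes"], validate=True),
            "packed": m["packed"] == "1"}


def verify_chain(chain_der, attribute):
    """Section 3: True only if the chain the server presented matches the DNS
    entry. A malformed entry yields False (not an exception) so the caller warns
    the user in that case too."""
    try:
        a = parse_attribute(attribute)
    except ValueError:
        return False
    if a["count"] != len(chain_der):
        return False
    expected = chain_digest(chain_der, a["algo"])
    if a["packed"]:
        expected = hashlib.sha512(expected).digest()
    return hmac.compare_digest(expected, a["hashes"])


if __name__ == "__main__":
    # constructed stand-ins for DER-encoded certificates, root first
    chain = [b"constructed DER of Root CA", b"constructed DER of www.example.com"]
    attr = build_attribute(chain, "SHA224")
    print(f'{sslcert_owner("www.example.com")} IN TXT "{attr}"')
    print("matches:", verify_chain(chain, attr))
```

   The `needs_packing` threshold reproduces the table of Section 2.1.1
   exactly because it counts the Base64 padding, which is part of the
   octets stored in the TXT record; `verify_chain` compares digests
   with a constant-time comparison, and treats a missing or malformed
   entry the same way as a mismatch, which is the warning case of
   Section 3.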
   The DNS entries for this example look like these:

   ; IPv4 address
   www.example.com.          IN A    192.0.2.1
   ; IPv6 address
   www.example.com.          IN AAAA 2001:db8::1

   ; X.509 certificates hashes, SHA-224
   www._sslcert.example.com. IN TXT  "algo=SHA224; count=2; hashes=A
   PzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0MLaC
   sfEwMbBN4=; packed=0;"

   ; X.509 certificates hashes, SHA-512
   www._sslcert.example.com. IN TXT  "algo=SHA512; count=2; hashes=Z
   0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9zC
   7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH7Xu
   ggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=; packed=0;"

   ; X.509 certificates hashes, SHA-512, packed
   www._sslcert.example.com. IN TXT  "algo=SHA512; count=2; hashes=4
   iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4Ft
   l5nFcsta9rwMvsaQx/wg==; packed=1;"

2.2.  Implementing the HTTP part

   This Add-on is just one page of the website. Its content MUST be
   generated completely on the server side. Use of the Common Gateway
   Interface [CGI1.1] is RECOMMENDED. There MUST exist at least one
   relative reference to this page, as defined in [RFC3986] Section
   4.2. For how to do this, see the sample scripts in Appendix B. To
   see how this Add-on works in practice, see [MYADDON].

2.2.1.  Webpage Content

   The information MUST include the following:

   (1)   The current date and time
   (2)   The cipher specification name
   (3)   Number of cipher bits (actually used)
   (4)   Number of cipher bits (possible)
   (5)   The SSL protocol version: SSLv2, SSLv3, TLSv1.0, TLSv1.1,
         TLSv1.2, ...
   (6)   Whether the cipher is an export cipher: false, true
   (7)   Whether secure renegotiation is supported: false, true
   (8)   Algorithm used for the public key of the server's certificate
   (9)   Algorithm used for the signature of the server's certificate
   (10)  Issuer DN of the server's certificate
   (11)  Subject DN of the server's certificate
   (12)  The serial number of the server certificate
   (13)  The version of the server certificate
   (14)  Validity of the server's certificate (start time)
   (15)  Validity of the server's certificate (end time)
   (16)  Client certificate verification: NONE, SUCCESS, GENEROUS or
         FAILED:reason
   (17)  SSL compression method negotiated: NULL when disabled

   For connections where X.509 client certificates are used for
   authentication, this information is RECOMMENDED:

   (18)  Algorithm used for the public key of the client's certificate
   (19)  Algorithm used for the signature of the client's certificate
   (20)  Issuer DN of the client's certificate
   (21)  Subject DN of the client's certificate
   (22)  The serial number of the client certificate
   (23)  The version of the client certificate
   (24)  Validity of the client's certificate (start time)
   (25)  Validity of the client's certificate (end time)
   (26)  Number of days until the client's certificate expires

   This information MAY be given:

   (27)  The hex-encoded SSL session id
   (28)  Contents of the SNI TLS extension (if supplied with the
         ClientHello)

   This OPTIONAL information depends on the software used:

   (29)  The SSL-module program version: e.g. Apache mod_ssl version
   (30)  The SSL program version: e.g. OpenSSL version

   See Appendix C for sample content.

2.2.2.  Formatting and Presenting the webpage

   This information SHALL be presented simply; plain text is enough.
   When using HTML, only relative references as defined in [RFC3986]
   Section 4.2 MAY be used. It is RECOMMENDED to use only a subset of
   [HTML2.0]. Values taken from the TLS session (for example the
   subject DN of a client certificate) originate outside the server
   and SHOULD be escaped before they are placed into HTML.

   The current date and time SHALL be formatted as specified in
   [RFC5322] Section 3.3. The time MUST NOT differ by more than 5
   seconds from the real date/time. Any translation of this content,
   or sorting of its order, is OPTIONAL.

3.  Verification Procedure for the DNS part

   When the web browser or a plug-in honors the additional DNS entries,
   it SHOULD give a warning to the user:

   (1)  when it does not find the entry
   (2)  when the entry does not match

   In case the DNS entries were retrieved via [DNSSEC] instead of
   plain DNS, the user MUST give explicit permission to proceed when
   one of the two scenarios occurs.

4.  IANA Considerations

   There are no requests for IANA actions in this document.

5.  Security Considerations

   When implementing the HTTP part as a popup window in the browser,
   this information MUST also be available with a popup blocker
   enabled.

   The implementation MUST NOT use any scripts that run on the client
   side, e.g. JavaScript. There SHOULD also be no references to other
   websites inside this Add-on page.

   The Add-on webpage is delivered over the very connection it
   describes: an attacker who can intercept the TLS session can also
   alter that page. Only the DNS part, and only when retrieved with
   [DNSSEC] (Section 7), gives a client a reference that an attacker
   on the path of the HTTPS connection cannot forge.

6.  Acknowledgements

7.  Recommendations

   [DNSSEC] SHOULD be used for the DNS part.

   Using a standardized URL for the HTTP part is RECOMMENDED; for more
   see the discussion in Section 9.

8.  References

8.1.  Normative References

   [DNS-1]    Mockapetris, P., "Domain names - concepts and
              facilities", STD 13, RFC 1034, November 1987.

   [DNS-2]    Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [HTTPTLS]  Rescorla, E., "HTTP over TLS", RFC 2818, May 2000.

   [PKIX]     Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 5280, May 2008.

8.2.  Informative References

   [CAMELLIA] Matsui, M., Nakajima, J., and S. Moriai, "A Description
              of the Camellia Encryption Algorithm", RFC 3713, April
              2004.

   [DNSSEC]   Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, March 2005.

   [CGI1.1]   Robinson, D. and K. Coar, "The Common Gateway Interface
              (CGI) Version 1.1", RFC 3875, October 2004.

   [HTML2.0]  Berners-Lee, T. and D. Connolly, "Hypertext Markup
              Language - 2.0", RFC 1866, November 1995.

   [MD2]      Kaliski, B., "The MD2 Message-Digest Algorithm",
              RFC 1319, April 1992.

   [MD4]      Rivest, R., "The MD4 Message-Digest Algorithm",
              RFC 1320, April 1992.

   [MD5]      Rivest, R., "The MD5 Message-Digest Algorithm",
              RFC 1321, April 1992.

   [SHA1]     Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm
              1 (SHA1)", RFC 3174, September 2001.

   [SSLv2]    Hickman, Kipp, "The SSL Protocol", Netscape
              Communications Corp., Feb 9, 1995.

   [SSLv3]    Freier, A., Karlton, P., and P. Kocher, "The Secure
              Sockets Layer (SSL) Protocol Version 3.0", RFC 6101,
              August 2011.

   [TLSv1.0]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [TLSv1.1]  Dierks, T. and E. Rescorla, "The Transport Layer
              Security (TLS) Protocol Version 1.1", RFC 4346, April
              2006.

   [TLSv1.2]  Dierks, T. and E. Rescorla, "The Transport Layer
              Security (TLS) Protocol Version 1.2", RFC 5246, August
              2008.

   [OPENSSL]  OpenSSL Cryptography and SSL/TLS Toolkit,
              http://www.openssl.org/

   [RFC1464]  Rosenbaum, R., "Using the Domain Name System To Store
              Arbitrary String Attributes", RFC 1464, May 1993.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66,
              RFC 3986, January 2005.
   [RFC4279]  Eronen, P., Ed., and H. Tschofenig, Ed., "Pre-Shared Key
              Ciphersuites for Transport Layer Security (TLS)",
              RFC 4279, December 2005.

   [RFC4492]  Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and
              B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher
              Suites for Transport Layer Security (TLS)", RFC 4492,
              May 2006.

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, October 2006.

   [RFC4785]  Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK)
              Ciphersuites with NULL Encryption for Transport Layer
              Security (TLS)", RFC 4785, January 2007.

   [RFC5234]  Crocker, D., Ed., and P. Overell, "Augmented BNF for
              Syntax Specifications: ABNF", STD 68, RFC 5234, January
              2008.

   [RFC5288]  Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
              Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
              August 2008.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              October 2008.

   [RFC5469]  Eronen, P., Ed., "DES and IDEA Cipher Suites for
              Transport Layer Security (TLS)", RFC 5469, February 2009.

   [RFC5489]  Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for
              Transport Layer Security (TLS)", RFC 5489, March 2009.

   [RFC5932]  Kato, A., Kanda, M., and S. Kanno, "Camellia Cipher
              Suites for TLS", RFC 5932, June 2010.

   [RFC6149]  Turner, S. and L. Chen, "MD2 to Historic Status",
              RFC 6149, March 2011.

   [RFC6150]  Turner, S. and L. Chen, "MD4 to Historic Status",
              RFC 6150, March 2011.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash
              Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234,
              May 2011.

   [MYADDON]  A working implementation of this Add-on on the author's
              website at https://ssl.mathemainzel.info/sslinfo/

9.  Discussions

   It would be good to have a standardized URL for this Add-on webpage,
   e.g.

   https://www.example.com/sslinfo/

   Outside the encrypted part of the website, placing an absolute URI
   as defined in [RFC3986] Section 4.3 (so that the link carries the
   https scheme) is RECOMMENDED.

A.  Example certificates

A.1.  The DER-encoded CA certificate

   This section contains the full, DER-encoded certificate, in hex.

   1010600634021010601500010016400004020010020000010064600044061030
   5210311000676700040100240503000003050703001300301105240300300400
   1023026455010061007060001406002125011412051407066557047545063562
   0120610110600014060021250114130514130665570475450635620671250721
   5101006100706000140600212501140305100706755702016404050301706000
   6427030067030460030460030060030060030060013532033415030464031462
   0310610324630324710550710434600054610044600014060021250114060264
   0203045503002000301605240300500400342306752306255507111703054703
   0024003022052403005404005423067523062555071117052547064556030564
   0300200030160524030014040034230675220721570414400301011176010064
   6000440610305210311000676700040100240100140010660103000010460110
   0402000201071316115226031524061442141373010143166673165250141015
   0517401044541316341204240165050550721355741560520432570444641506
   6212130607367410244201373701137307300614742302406311650507617510
   2115172574007434061225113362175757116071145403104350137377010514
   1601271540621072141376071226201714071567250673200574521157610255
   1515761102656314564700175211011417064417277604020203762405372207
   4623073516001402000001121401030143030141003017052403011435000401
   0023770300050004031774010070600014060165250004171774010020040010
   0300300101646000140601652500201600202607142401206117056206232514
   4163006736034416141314025571166561030336003037052403021435014004
   0130600122000305630710241527610715441573100070151460710747020704
   5315735500646000440610305210311000676700040100240500140010060100
   6000064104177605102053130121063016051615111404042507164044160755
   0150730227030737461373310202221205130644631422570426040372570324
   0106623304640504442010640207527417434210564615636511027014202013
   2210113030032353130707014732025533023174116127173702002647127304
   0476341541621070161534751436560126630235111776670102040261610302
   2317534312263011522403605011472510677411363503034305034010220600
   0114

A.1.1.  The CA's public key

   This section contains the DER-encoded public RSA key of the CA that
   signed the example SSL certificate. It is included to simplify
   verification of the example certificate.

   1004600302370030150250110442061736060004150004010000051004030002
   1510046000121110060114700011316205223202106317554306170213542012
   4355006752160302026123116211012263042641035035076132025273127734
   0321061311111433211362420211671576051754270030220115660317170424
   5007663504657407620401636511241717114216762603477300163416431317
   7610046276053421031340106330103616110277003645152763150335025156
   1705370466331044530717371234551653130460031222201773611013651121
   00151077111527047171001167000403000400

A.2.  The DER-encoded SSL certificate

   This section contains the full, DER-encoded certificate, in hex.
1010601044021010601710010016400004020010020004010064600044061030 5210311000676700040100240503000003050703001300301105240300300400 1023026455010061007060001406002125011412051407066557047545063562 0120610110600014060021250114130514130665570475450635620671250721 5101006100706000140600212501140305100706755702016404050301706000 6427030067030460030460030060030060030060013532033415030460031462 0310610324630324710550710234600054610044600014060021250114060264 0203045503003000302605240300140400742307356702716707414506654106 6160027145067543030155117601006460004406103052103110006767000401 0024010014001066010300001046011004020002010306350224351562760733 0201553513736613223202707401572412765103062504052411220602401605 6252132200177140167322136432161133067275017065117657147015104103 1320470130561271570461311722030710130570270727500270640500641707 7207510002302210257601600417462415564614327511176510662500200211 5031053744134352077175044205021561031707012630025157134361044574 1710160201730353711402010574261455531607560014020000011214011222 0110046003024100301105240301143500100400006000706000140601652500 0417177401002004001003120005016460001406016525002016002026052024 1211441111160234400147731747170770361023170065521711200303340030 3705240302143501400401306001220003056307102415276107154415731000 7015146071074702070453157355015060001406016525002021030023101021 0734170735670624560605700701550625540614560665570114600014060165 2500204503001400301202541000040600240500140703000100302305240302 0035006004005060004060003006100547000414000402006460004406103052 1031100067670004010024050014001006011050000731771510471102230437 5505451502743711211417637417525600233317671301440610514700054013 6261147431115322066751112110124235015435164317163765135144110577 0257050063051220501411621312461723760237531632761446601276110760 3316177002764501554414156702511613457713274417152503620402713116 4416066704165331145672012711066756161622041305033711123071177333 077143130262053202136157121506006646000106 
B.  Script Examples for the Add-on webpage

   Use the following script examples as a template for your
   implementation of this Add-on webpage. The first two examples
   generate identical content in plain ASCII text; the third example
   makes use of HTML and is a compiled C program.

   Script Examples:

   B.1.  PHP-script
   B.2.  CGI-script: A BASH shell script, for most Linux systems
   B.3.  CGI-script: A compiled C program, for any other system

B.1.  PHP-script

   <?php
     /* The opening of this script (everything up to the "=>" of the
        foreach) was lost in extraction; the lines down to the foreach
        are reconstructed so that the output matches the script of
        Appendix B.2. date( "r" ) yields the RFC 5322 format required
        by Section 2.2.2. */
     header( "Content-type: text/plain" );
     print "SSL informations: " . date( "r" ) . "\r\n";
     print "================\r\n\r\n";
     if ( isset( $_SERVER[ "HTTPS" ] ) && $_SERVER[ "HTTPS" ] == "on" ) {
       $list = array( );
       $nmbrOfValues = 0;
       foreach ( $_SERVER as $key => $value ) {
         if ( substr( $key, 0, 4 ) == "SSL_" ) {
           $list[ $nmbrOfValues++ ] = $key . "=" . $value;
         }
       }
       sort( $list ); // sort content before printing ...
       for ( $iter = 0; $iter < $nmbrOfValues; $iter++ ) {
         print $list[ $iter ] . "\r\n";
       }
     } else {
       echo "No SSL information available.\r\n";
     }
   ?>

B.2.  CGI-script: A BASH shell script, for most Linux systems

   #!/bin/bash
   echo -e -n "Content-type: text/plain\n\n"
   echo -e -n "SSL informations: $(date --rfc-2822)\n"
   echo -e -n "================\n\n"
   if [ "$HTTPS" == "on" ]; then
     env | grep --regexp="^SSL_" | sort
   else
     echo -e -n "No SSL information available.\n"
   fi

B.3.  CGI-script: A compiled C program, for any other system

   This CGI-script is a compiled C program, and in comparison to the
   other two examples it makes use of HTML. Any C compiler SHOULD be
   suitable for compiling this program. Be sure your runtime supports
   the function strftime with the standard format specifiers. The
   values of the SSL_CLIENT_* variables come from a client-supplied
   certificate, so they are escaped before they are written into the
   HTML page.

   #include <stdio.h>
   #include <stdlib.h>
   #include <string.h>
   #include <time.h>

   /* The HTML markup inside these strings was lost when the draft text
      was extracted; the tags below are reconstructed from the text that
      remained. */
   const char* pszHtmlEndPart[ ] = {
      "<hr>",
      "<address>https at www.example.com Port 443</address>",
      "</body>",
      "</html>"
   };

   const char* pszHtmlBeginPart[ ] = {
      "<html>",
      "<head>",
      "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">",
      "<title>SSL informations</title>",
      "</head>",
      "<body>",
      "<h1>SSL informations</h1>"
   };

   /* function prototype used for sorting */
   int compareFunc( const void* pvd1, const void* pvd2 );

   /* print a value with the HTML metacharacters escaped; the
      SSL_CLIENT_* values (subject DN, e-mail address) originate from a
      client-supplied certificate and must not reach the page raw */
   void printHtmlEscaped( const char* psz )
   {
      for ( ; *psz; psz++ ) {
         switch ( *psz ) {
            case '<':  fputs( "&lt;",   stdout ); break;
            case '>':  fputs( "&gt;",   stdout ); break;
            case '&':  fputs( "&amp;",  stdout ); break;
            case '"':  fputs( "&quot;", stdout ); break;
            default:   putchar( *psz );
         }
      }
   }

   int main( int argc, char* argv[ ], char** envp ) /* char* envp[ ] */
   {
      char* *    ppszContent;
      char* *    ppsz;
      char*      psz;
      char       szDateTime[ 80 ];
      int        i, nCount;
      time_t     tnow  = time( NULL );
      struct tm* tmnow = localtime( &tnow );

      (void) argc; (void) argv;

      /* RFC 5322 date format, as required by Section 2.2.2 */
      strftime( szDateTime, sizeof( szDateTime ),
                "%a, %d %b %Y %H:%M:%S %z", tmnow );

      printf( "Content-type: text/html; charset=ISO-8859-1\r\n\r\n" );

      nCount = sizeof( pszHtmlBeginPart ) / sizeof( char* );
      for ( i = 0; i < nCount; i++ )
         printf( "%s\r\n", pszHtmlBeginPart[ i ] );

      printf( "SSL informations: %s\r\n", szDateTime );
      printf( "<hr>\r\n" );

      if ( ( psz = getenv( "HTTPS" ) ) && ( strcmp( psz, "on" ) == 0 ) ) {
         /* count relevant values ... */
         ppsz = envp;
         nCount = 0;
         while ( ppsz && *ppsz ) {
            if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
               nCount++;
            ppsz++;
         }
         /* allocate memory (at least one slot, so that an empty
            environment is not reported as an allocation failure) */
         ppszContent = (char* *) calloc( nCount ? nCount : 1, sizeof( char* ) );
         if ( ppszContent ) {
            /* extract relevant values from environment ... */
            i = 0;
            ppsz = envp;
            while ( ppsz && *ppsz ) {
               if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
                  *( ppszContent + i++ ) = *ppsz;
               ppsz++;
            }
            /* sort content */
            qsort( (void*) ppszContent, nCount, sizeof( char* ), compareFunc );
            printf( "<p>\r\n" );
            /* output sorted content, one escaped value per line */
            for ( i = 0; i < nCount; i++ ) {
               printHtmlEscaped( *( ppszContent + i ) );
               printf( "<br>\r\n" );
            }
            printf( "</p>\r\n" );
            /* free up memory */
            free( (void*) ppszContent );
         }
         else
            printf( "Internal error (unable to allocate memory).\r\n" );
      }
      else
         printf( "No SSL information available.\r\n" );

      nCount = sizeof( pszHtmlEndPart ) / sizeof( char* );
      for ( i = 0; i < nCount; i++ )
         printf( "%s\r\n", pszHtmlEndPart[ i ] );

      return 0;
   }

   /* comparison function for sorting */
   int compareFunc( const void* pvd1, const void* pvd2 )
   {
      return strcmp( *( (char* *) pvd1 ), *( (char* *) pvd2 ) );
   }

C.  Sample Content of the Add-on webpage

   The first example shows complete sample content in sorted order.
   The second example shows the client certificate part, for the case
   that client certificate authentication is used. The other two
   examples show only the part that may differ when the browser picks
   another cipher suite. For the meaning of the numbers in brackets in
   the examples see Section 2.2.1.

   C.1.    A complete sample content
   C.1.1.  ..., the client certificate part
   C.2.    Picking another cipher suite
   C.2.1.  ..., and one more

C.1.
A complete sample content

   SSL informations: Thu, 01 Jan 1970 00:00:00 +0000                (1)
   ================

   SSL_CIPHER=AES256-SHA                                            (2)
   SSL_CIPHER_ALGKEYSIZE=256                                        (4)
   SSL_CIPHER_EXPORT=false                                          (6)
   SSL_CIPHER_USEKEYSIZE=256                                        (3)
   SSL_CLIENT_VERIFY=NONE                                          (16)
   SSL_COMPRESS_METHOD=NULL                                        (17)
   SSL_PROTOCOL=TLSv1                                               (5)
   SSL_SECURE_RENEG=true                                            (7)
   SSL_SERVER_A_KEY=rsaEncryption                                   (8)
   SSL_SERVER_A_SIG=sha1WithRSAEncryption                           (9)
   SSL_SERVER_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA       (10)
   SSL_SERVER_I_DN_C=--                                            (10)
   SSL_SERVER_I_DN_CN=Root CA                                      (10)
   SSL_SERVER_I_DN_O=SomeOrg                                       (10)
   SSL_SERVER_I_DN_OU=SomeOrgUnit                                  (10)
   SSL_SERVER_M_SERIAL=01                                          (12)
   SSL_SERVER_M_VERSION=3                                          (13)
   SSL_SERVER_S_DN=/C=--/CN=www.example.com                        (11)
   SSL_SERVER_S_DN_C=--                                            (11)
   SSL_SERVER_S_DN_CN=www.example.com                              (11)
   SSL_SERVER_V_END=Dec 31 23:59:59 1970 GMT                       (15)
   SSL_SERVER_V_START=Jan 01 00:00:00 1970 GMT                     (14)
   SSL_SESSION_ID=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF (27)
   SSL_TLS_SNI=www.example.com                                     (28)
   SSL_VERSION_INTERFACE=mod_ssl/2.2.15                            (29)
   SSL_VERSION_LIBRARY=OpenSSL/1.0.0-fips                          (30)

C.1.1.  ..., the client certificate part

   ...
   SSL_CLIENT_A_KEY=rsaEncryption                                  (18)
   SSL_CLIENT_A_SIG=sha1WithRSAEncryption                          (19)
   SSL_CLIENT_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA       (20)
   SSL_CLIENT_I_DN_C=--                                            (20)
   SSL_CLIENT_I_DN_CN=Root CA                                      (20)
   SSL_CLIENT_I_DN_O=SomeOrg                                       (20)
   SSL_CLIENT_I_DN_OU=SomeOrgUnit                                  (20)
   SSL_CLIENT_M_SERIAL=02                                          (22)
   SSL_CLIENT_M_VERSION=3                                          (23)
   SSL_CLIENT_S_DN=/CN=Name/emailAddress=name@example.com          (21)
   SSL_CLIENT_S_DN_CN=Name                                         (21)
   SSL_CLIENT_S_DN_Email=name@example.com                          (21)
   SSL_CLIENT_VERIFY=SUCCESS                                       (16)
   SSL_CLIENT_V_END=Dec 31 23:59:59 1970 GMT                       (25)
   SSL_CLIENT_V_REMAIN=365                                         (26)
   SSL_CLIENT_V_START=Jan 01 00:00:00 1970 GMT                     (24)
   ...

C.2.  Picking another cipher suite

   ...
   SSL_CIPHER=RC4-MD5
   SSL_CIPHER_ALGKEYSIZE=128
   SSL_CIPHER_EXPORT=false
   SSL_CIPHER_USEKEYSIZE=128
   ...
   SSL_PROTOCOL=SSLv3
   SSL_SECURE_RENEG=false
   ...

C.2.1.  ..., and one more

   ...
   SSL_CIPHER=AES128-SHA256
   SSL_CIPHER_ALGKEYSIZE=128
   SSL_CIPHER_EXPORT=false
   SSL_CIPHER_USEKEYSIZE=128
   ...
   SSL_PROTOCOL=TLSv1.2
   SSL_SECURE_RENEG=true
   ...

Author's Address

   Walter Hoehlhubmer
   Lederergasse 47a
   A-4020 Linz
   Austria, EUROPE

   EMail: walter.h@mathemainzel.info