TLS extensions support with ALB

TLS extensions support with ALB

• Supported: ALPN, NPN, Session Ticket, TLS False Start

• Unsuppored: TLS Renegotiation, OCSP Stapling

ALPN, NPN 対応

デフォルトだとALPNによるネゴシエーションが行われる。ここでは、クライアントからh2とhttp/1.1でリクエストが行われて、ネゴシエーションが行われるが、ALBはALPNでh2のみのサポートなので、結果的にHTTP/2でリクエストが行われている。

$ curl -Iv --http2 https://alb.test.hayashier.com
* Rebuilt URL to: https://alb.test.hayashier.com/
*   Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.test.hayashier.com
*  start date: Mar 28 00:00:00 2018 GMT
*  expire date: Apr 28 12:00:00 2019 GMT
*  subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fbe72001a00)
> HEAD / HTTP/2
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
HTTP/2 200 
< date: Tue, 24 Jul 2018 00:03:54 GMT
date: Tue, 24 Jul 2018 00:03:54 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< content-length: 47
content-length: 47
< server: Apache/2.2.34 (Amazon)
server: Apache/2.2.34 (Amazon)
< last-modified: Sat, 27 Jan 2018 17:13:02 GMT
last-modified: Sat, 27 Jan 2018 17:13:02 GMT
< etag: 60725-2f-563c5202222f8
etag: 60725-2f-563c5202222f8
< accept-ranges: bytes
accept-ranges: bytes

< 
* Connection #0 to host alb.test.hayashier.com left intact

ALPNを利用しない場合、NPNによるネゴシエーションが行われて、ALB側から提示されたHTTP/2でリクエストが行われる。

$ curl -Iv --http2 https://alb.test.hayashier.com --no-alpn
* Rebuilt URL to: https://alb.test.hayashier.com/
*   Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*  subject: CN=*.test.hayashier.com
*  start date: Mar 28 00:00:00 2018 GMT
*  expire date: Apr 28 12:00:00 2019 GMT
*  subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f92f8000600)
> HEAD / HTTP/2
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
HTTP/2 200 
< date: Tue, 24 Jul 2018 00:04:25 GMT
date: Tue, 24 Jul 2018 00:04:25 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< content-length: 47
content-length: 47
< server: Apache/2.2.34 (Amazon)
server: Apache/2.2.34 (Amazon)
< last-modified: Sat, 27 Jan 2018 15:23:55 GMT
last-modified: Sat, 27 Jan 2018 15:23:55 GMT
< etag: 606ee-2f-563c399ec5b72
etag: 606ee-2f-563c399ec5b72
< accept-ranges: bytes
accept-ranges: bytes

< 
* Connection #0 to host alb.test.hayashier.com left intact

ALPNもNPNも無効化するとHTTP/1.1によるリクエストが行われる。

$curl -Iv --http2 https://alb.test.hayashier.com --no-alpn --no-npn
* Rebuilt URL to: https://alb.test.hayashier.com/
*   Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*  subject: CN=*.test.hayashier.com
*  start date: Mar 28 00:00:00 2018 GMT
*  expire date: Apr 28 12:00:00 2019 GMT
*  subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Tue, 24 Jul 2018 00:04:55 GMT
Date: Tue, 24 Jul 2018 00:04:55 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 47
Content-Length: 47
< Connection: keep-alive
Connection: keep-alive
< Server: Apache/2.2.34 (Amazon)
Server: Apache/2.2.34 (Amazon)
< Last-Modified: Sat, 27 Jan 2018 17:13:02 GMT
Last-Modified: Sat, 27 Jan 2018 17:13:02 GMT
< ETag: 60725-2f-563c5202222f8
ETag: 60725-2f-563c5202222f8
< Accept-Ranges: bytes
Accept-Ranges: bytes

< 
* Connection #0 to host alb.test.hayashier.com left intact

Session Ticket対応, OCSPステープリング未対応, TLSリネゴシエーション未対応

Secure Renegotiation IS supportedと表示されているのは、TLSリネゴシエーションが全く対応していないことを誤解なく表現することができないため。 TLS ネゴシエーションの対応状況の表示について、Secure Renegotiation IS NOT supportedという表記もあるが、古いバージョンやセキュアではないものなら対応しているとクライアント側が捉えてしまう。

$ openssl s_client -connect alb.test.hayashier.com:443 -status
CONNECTED(00000003)
OCSP response: no response sent
:
:
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Session-ID-ctx: 
    Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    TLS session ticket lifetime hint: 43200 (seconds)
    TLS session ticket:
    0000 - 03 67 27 28 c0 8f 6a 1c-c4 3c e8 ba 92 81 ef b8   .g'(..j..<......
    0010 - 2e 14 61 6d 1b 7c 6e 92-52 ec 43 db 88 e7 e5 40   ..am.|n.R.C....@
    0020 - a9 bb 68 bc 52 fb 5d a8-c2 b5 fc 5e b0 9e ad 4f   ..h.R.]....^...O
    0030 - 0c f3 4f 5c e6 c6 0d ba-a1 6f 3a 26 77 d2 92 9e   ..O\.....o:&w...
    0040 - ad d1 27 67 63 2f 71 ee-3f 44 d8 5c 83 f0 f4 a2   ..'gc/q.?D.\....
    0050 - c0 c1 6d 63 cf 5b 7e 7b-84 91 25 f8 4b 63 40 62   ..mc.[~{..%.Kc@b
    0060 - ae 7e 0e 85 d0 6e 26 91-4d a7 cc b2 19 27 ab 45   .~...n&.M....'.E
    0070 - 1d 13 16 c4 de 92 de 68-f0 fa ef ec 6d 47 f7 4d   .......h....mG.M
    0080 - a6 9e c8 37 c7 d6 27 7d-39 ad d4 ba ab 6d a4 65   ...7..'}9....m.e
    0090 - 63 cb 55 60 b2 71 3f e2-88 b2 a3 de f7 07 a5 fe   c.U`.q?.........
    00a0 - 78 6e bd b0 27 56 19 5b-73 0e 39 7c bd 73 91 56   xn..'V.[s.9|.s.V

    Start Time: 1532350327
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
R
RENEGOTIATING
>>> TLS 1.0 Handshake [length 0077], ClientHello
    01 00 00 73 03 01 5b 55 cf a5 53 90 12 da 2b 46
    c4 0a bf b6 93 5d d3 bc 36 b9 0e b0 d8 bb 40 66
    1a 46 a4 60 e9 ca 00 00 2c 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 9a 00 99 00
    96 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00
    08 00 06 00 03 01 00 00 1e ff 01 00 0d 0c da b4
    09 84 30 79 74 53 b2 0f 94 a8 00 23 00 00 00 05
    00 05 01 00 00 00 00
4177:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.7/src/ssl/s3_pkt.c:566:

TLS False Start 対応

$ export SSLKEYLOGFILE=${PWD}/sslkey.log
$ curl --false-start -Iv https://alb.test.hayashier.com
* Rebuilt URL to: https://alb.test.hayashier.com/
*   Trying 52.33.85.187...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (52.33.85.187) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Trying TLS False Start
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:

curlコマンド実行時の内容をtcpdumpで取得。

$ sudo tcpdump port 443 -w sample.pcap

sslkey.logの内容は以下。

# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

• Wiresharkを起動して、Wireshark > Preferences > Protocols > SSL から (Pre)-Master-Secret log filenameで先程のsslkey.logを選択して、TLSのデコード。

• クライアントは、サーバからのFinishedメッセージを受け取る前にApplication Dataが送られている。

1 2018-07-23 23:54:41.910735    172.31.19.138         52.33.85.187          TCP      74     36450 → 443 [SYN] Seq=0 Win=26883 Len=0 MSS=8961 SACK_PERM=1 TSval=2690627380 TSecr=0 WS=128
2 2018-07-23 23:54:41.911307    52.33.85.187          172.31.19.138         TCP      74     443 → 36450 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=3034643252 TSecr=2690627380 WS=256
3 2018-07-23 23:54:41.911325    172.31.19.138         52.33.85.187          TCP      66     36450 → 443 [ACK] Seq=1 Ack=1 Win=27008 Len=0 TSval=2690627380 TSecr=3034643252
4 2018-07-23 23:54:42.018513    172.31.19.138         52.33.85.187          TLSv1.2  269    Client Hello
5 2018-07-23 23:54:42.018966    52.33.85.187          172.31.19.138         TCP      66     443 → 36450 [ACK] Seq=1 Ack=204 Win=28160 Len=0 TSval=3034643279 TSecr=2690627407
6 2018-07-23 23:54:42.020259    52.33.85.187          172.31.19.138         TLSv1.2  5119   Server Hello, Certificate, Server Key Exchange, Server Hello Done
7 2018-07-23 23:54:42.020278    172.31.19.138         52.33.85.187          TCP      66     36450 → 443 [ACK] Seq=204 Ack=5054 Win=36992 Len=0 TSval=2690627407 TSecr=3034643279
8 2018-07-23 23:54:42.028395    172.31.19.138         52.33.85.187          TLSv1.2  192    Client Key Exchange, Change Cipher Spec, Finished
9 2018-07-23 23:54:42.028815    172.31.19.138         52.33.85.187          HTTP     182    HEAD / HTTP/1.1 
10 2018-07-23 23:54:42.029135    52.33.85.187          172.31.19.138         TLSv1.2  117    Change Cipher Spec, Finished
11 2018-07-23 23:54:42.030630    52.33.85.187          172.31.19.138         HTTP     367    HTTP/1.1 200 OK 
12 2018-07-23 23:54:42.030659    172.31.19.138         52.33.85.187          TCP      66     36450 → 443 [ACK] Seq=446 Ack=5406 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282
13 2018-07-23 23:54:42.031186    172.31.19.138         52.33.85.187          TLSv1.2  97     Alert (Level: Warning, Description: Close Notify)
14 2018-07-23 23:54:42.031210    172.31.19.138         52.33.85.187          TCP      66     36450 → 443 [FIN, ACK] Seq=477 Ack=5406 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282
15 2018-07-23 23:54:42.031580    52.33.85.187          172.31.19.138         TCP      66     443 → 36450 [FIN, ACK] Seq=5406 Ack=478 Win=28160 Len=0 TSval=3034643282 TSecr=2690627410
16 2018-07-23 23:54:42.031591    172.31.19.138         52.33.85.187          TCP      66     36450 → 443 [ACK] Seq=478 Ack=5407 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282

No.13のAlertプロトコルはClose Notifyのもの

Frame 13: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: 02:61:19:43:1c:6e (02:61:19:43:1c:6e), Dst: 02:d1:4f:df:55:85 (02:d1:4f:df:55:85)
Internet Protocol Version 4, Src: 172.31.19.138, Dst: 52.33.85.187
Transmission Control Protocol, Src Port: 36450, Dst Port: 443, Seq: 446, Ack: 5406, Len: 31
Secure Sockets Layer
    TLSv1.2 Record Layer: Alert (Level: Warning, Description: Close Notify)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 26
        Alert Message
            Level: Warning (1)
            Description: Close Notify (0)

Reference

• Transport Layer Security (TLS)

  • URL: https://hpbn.co/transport-layer-security-tls/