TLS extensions support in ALB
hayashierTLS extensions support in ALB
- Supported: ALPN, NPN, Session Ticket, TLS False Start
- Unsuppored: TLS Renegotiation, OCSP Stapling
ALPN, NPN 対応
デフォルトだとALPNによるネゴシエーションが行われる。ここでは、クライアントからh2とhttp/1.1でリクエストが行われて、ネゴシエーションが行われるが、ALBはALPNでh2のみのサポートなので、結果的にHTTP/2でリクエストが行われている。
$ curl -Iv --http2 https://alb.test.hayashier.com
* Rebuilt URL to: https://alb.test.hayashier.com/
* Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
CAfile: /usr/local/etc/openssl/cert.pem
CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.test.hayashier.com
* start date: Mar 28 00:00:00 2018 GMT
* expire date: Apr 28 12:00:00 2019 GMT
* subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fbe72001a00)
> HEAD / HTTP/2
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< date: Tue, 24 Jul 2018 00:03:54 GMT
date: Tue, 24 Jul 2018 00:03:54 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< content-length: 47
content-length: 47
< server: Apache/2.2.34 (Amazon)
server: Apache/2.2.34 (Amazon)
< last-modified: Sat, 27 Jan 2018 17:13:02 GMT
last-modified: Sat, 27 Jan 2018 17:13:02 GMT
< etag: 60725-2f-563c5202222f8
etag: 60725-2f-563c5202222f8
< accept-ranges: bytes
accept-ranges: bytes
<
* Connection #0 to host alb.test.hayashier.com left intact
ALPNを利用しない場合、NPNによるネゴシエーションが行われて、ALB側から提示されたHTTP/2でリクエストが行われる。
$ curl -Iv --http2 https://alb.test.hayashier.com --no-alpn
* Rebuilt URL to: https://alb.test.hayashier.com/
* Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
CAfile: /usr/local/etc/openssl/cert.pem
CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP2 (h2)
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=*.test.hayashier.com
* start date: Mar 28 00:00:00 2018 GMT
* expire date: Apr 28 12:00:00 2019 GMT
* subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f92f8000600)
> HEAD / HTTP/2
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< date: Tue, 24 Jul 2018 00:04:25 GMT
date: Tue, 24 Jul 2018 00:04:25 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< content-length: 47
content-length: 47
< server: Apache/2.2.34 (Amazon)
server: Apache/2.2.34 (Amazon)
< last-modified: Sat, 27 Jan 2018 15:23:55 GMT
last-modified: Sat, 27 Jan 2018 15:23:55 GMT
< etag: 606ee-2f-563c399ec5b72
etag: 606ee-2f-563c399ec5b72
< accept-ranges: bytes
accept-ranges: bytes
<
* Connection #0 to host alb.test.hayashier.com left intact
ALPNもNPNも無効化するとHTTP/1.1によるリクエストが行われる。
$curl -Iv --http2 https://alb.test.hayashier.com --no-alpn --no-npn
* Rebuilt URL to: https://alb.test.hayashier.com/
* Trying 54.186.147.77...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (54.186.147.77) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
CAfile: /usr/local/etc/openssl/cert.pem
CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=*.test.hayashier.com
* start date: Mar 28 00:00:00 2018 GMT
* expire date: Apr 28 12:00:00 2019 GMT
* subjectAltName: host alb.test.hayashier.com matched cert's *.test.hayashier.com
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: alb.test.hayashier.com
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Tue, 24 Jul 2018 00:04:55 GMT
Date: Tue, 24 Jul 2018 00:04:55 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 47
Content-Length: 47
< Connection: keep-alive
Connection: keep-alive
< Server: Apache/2.2.34 (Amazon)
Server: Apache/2.2.34 (Amazon)
< Last-Modified: Sat, 27 Jan 2018 17:13:02 GMT
Last-Modified: Sat, 27 Jan 2018 17:13:02 GMT
< ETag: 60725-2f-563c5202222f8
ETag: 60725-2f-563c5202222f8
< Accept-Ranges: bytes
Accept-Ranges: bytes
<
* Connection #0 to host alb.test.hayashier.com left intact
Session Ticket対応, OCSPステープリング未対応, TLSリネゴシエーション未対応
Secure Renegotiation IS supportedと表示されているのは、TLSリネゴシエーションが全く対応していないことを誤解なく表現することができないため。 TLS ネゴシエーションの対応状況の表示について、Secure Renegotiation IS NOT supportedという表記もあるが、古いバージョンやセキュアではないものなら対応しているとクライアント側が捉えてしまう。
$ openssl s_client -connect alb.test.hayashier.com:443 -status
CONNECTED(00000003)
OCSP response: no response sent
:
:
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
TLS session ticket lifetime hint: 43200 (seconds)
TLS session ticket:
0000 - 03 67 27 28 c0 8f 6a 1c-c4 3c e8 ba 92 81 ef b8 .g'(..j..<......
0010 - 2e 14 61 6d 1b 7c 6e 92-52 ec 43 db 88 e7 e5 40 ..am.|n.R.C....@
0020 - a9 bb 68 bc 52 fb 5d a8-c2 b5 fc 5e b0 9e ad 4f ..h.R.]....^...O
0030 - 0c f3 4f 5c e6 c6 0d ba-a1 6f 3a 26 77 d2 92 9e ..O\.....o:&w...
0040 - ad d1 27 67 63 2f 71 ee-3f 44 d8 5c 83 f0 f4 a2 ..'gc/q.?D.\....
0050 - c0 c1 6d 63 cf 5b 7e 7b-84 91 25 f8 4b 63 40 62 ..mc.[~{..%.Kc@b
0060 - ae 7e 0e 85 d0 6e 26 91-4d a7 cc b2 19 27 ab 45 .~...n&.M....'.E
0070 - 1d 13 16 c4 de 92 de 68-f0 fa ef ec 6d 47 f7 4d .......h....mG.M
0080 - a6 9e c8 37 c7 d6 27 7d-39 ad d4 ba ab 6d a4 65 ...7..'}9....m.e
0090 - 63 cb 55 60 b2 71 3f e2-88 b2 a3 de f7 07 a5 fe c.U`.q?.........
00a0 - 78 6e bd b0 27 56 19 5b-73 0e 39 7c bd 73 91 56 xn..'V.[s.9|.s.V
Start Time: 1532350327
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
R
RENEGOTIATING
>>> TLS 1.0 Handshake [length 0077], ClientHello
01 00 00 73 03 01 5b 55 cf a5 53 90 12 da 2b 46
c4 0a bf b6 93 5d d3 bc 36 b9 0e b0 d8 bb 40 66
1a 46 a4 60 e9 ca 00 00 2c 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 9a 00 99 00
96 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00
08 00 06 00 03 01 00 00 1e ff 01 00 0d 0c da b4
09 84 30 79 74 53 b2 0f 94 a8 00 23 00 00 00 05
00 05 01 00 00 00 00
4177:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.7/src/ssl/s3_pkt.c:566:
TLS False Start 対応
$ export SSLKEYLOGFILE=${PWD}/sslkey.log
$ curl --false-start -Iv https://alb.test.hayashier.com
* Rebuilt URL to: https://alb.test.hayashier.com/
* Trying 52.33.85.187...
* TCP_NODELAY set
* Connected to alb.test.hayashier.com (52.33.85.187) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Trying TLS False Start
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
curlコマンド実行時の内容をtcpdumpで取得。 “` $ sudo tcpdump port 443 -w sample.pcap
sslkey.logの内容は以下。 ```
# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Wiresharkを起動して、Wireshark > Preferences > Protocols > SSL から (Pre)-Master-Secret log filenameで先程のsslkey.logを選択して、TLSのデコード。
- クライアントは、サーバからのFinishedメッセージを受け取る前にApplication Dataが送られている。
1 2018-07-23 23:54:41.910735 172.31.19.138 52.33.85.187 TCP 74 36450 → 443 [SYN] Seq=0 Win=26883 Len=0 MSS=8961 SACK_PERM=1 TSval=2690627380 TSecr=0 WS=128
2 2018-07-23 23:54:41.911307 52.33.85.187 172.31.19.138 TCP 74 443 → 36450 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=3034643252 TSecr=2690627380 WS=256
3 2018-07-23 23:54:41.911325 172.31.19.138 52.33.85.187 TCP 66 36450 → 443 [ACK] Seq=1 Ack=1 Win=27008 Len=0 TSval=2690627380 TSecr=3034643252
4 2018-07-23 23:54:42.018513 172.31.19.138 52.33.85.187 TLSv1.2 269 Client Hello
5 2018-07-23 23:54:42.018966 52.33.85.187 172.31.19.138 TCP 66 443 → 36450 [ACK] Seq=1 Ack=204 Win=28160 Len=0 TSval=3034643279 TSecr=2690627407
6 2018-07-23 23:54:42.020259 52.33.85.187 172.31.19.138 TLSv1.2 5119 Server Hello, Certificate, Server Key Exchange, Server Hello Done
7 2018-07-23 23:54:42.020278 172.31.19.138 52.33.85.187 TCP 66 36450 → 443 [ACK] Seq=204 Ack=5054 Win=36992 Len=0 TSval=2690627407 TSecr=3034643279
8 2018-07-23 23:54:42.028395 172.31.19.138 52.33.85.187 TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Finished
9 2018-07-23 23:54:42.028815 172.31.19.138 52.33.85.187 HTTP 182 HEAD / HTTP/1.1
10 2018-07-23 23:54:42.029135 52.33.85.187 172.31.19.138 TLSv1.2 117 Change Cipher Spec, Finished
11 2018-07-23 23:54:42.030630 52.33.85.187 172.31.19.138 HTTP 367 HTTP/1.1 200 OK
12 2018-07-23 23:54:42.030659 172.31.19.138 52.33.85.187 TCP 66 36450 → 443 [ACK] Seq=446 Ack=5406 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282
13 2018-07-23 23:54:42.031186 172.31.19.138 52.33.85.187 TLSv1.2 97 Alert (Level: Warning, Description: Close Notify)
14 2018-07-23 23:54:42.031210 172.31.19.138 52.33.85.187 TCP 66 36450 → 443 [FIN, ACK] Seq=477 Ack=5406 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282
15 2018-07-23 23:54:42.031580 52.33.85.187 172.31.19.138 TCP 66 443 → 36450 [FIN, ACK] Seq=5406 Ack=478 Win=28160 Len=0 TSval=3034643282 TSecr=2690627410
16 2018-07-23 23:54:42.031591 172.31.19.138 52.33.85.187 TCP 66 36450 → 443 [ACK] Seq=478 Ack=5407 Win=39936 Len=0 TSval=2690627410 TSecr=3034643282
No.13のAlertプロトコルはClose Notifyのもの
Frame 13: 97 bytes on wire (776 bits), 97 bytes captured (776 bits)
Ethernet II, Src: 02:61:19:43:1c:6e (02:61:19:43:1c:6e), Dst: 02:d1:4f:df:55:85 (02:d1:4f:df:55:85)
Internet Protocol Version 4, Src: 172.31.19.138, Dst: 52.33.85.187
Transmission Control Protocol, Src Port: 36450, Dst Port: 443, Seq: 446, Ack: 5406, Len: 31
Secure Sockets Layer
TLSv1.2 Record Layer: Alert (Level: Warning, Description: Close Notify)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 26
Alert Message
Level: Warning (1)
Description: Close Notify (0)
Reference
- Transport Layer Security (TLS)
- URL: https://hpbn.co/transport-layer-security-tls/
