Network Working Group W. Hoehlhubmer
Internet-Draft Nov 17, 2013
Category: Best Current Practice
Intended status: Standards Track
Expires: May 18, 2014
Informational Add-on for HTTP over
the Secure Sockets Layer (SSL) Protocol and/or
the Transport Layer Security (TLS) Protocol
draft-hoehlhubmer-https-addon-04
Abstract
This document describes an Add-on for websites providing encrypted
connectivity (HTTP over TLS).
The Add-on has two parts: one for the Domain Name System (DNS),
storing the X.509 certificate hashes, and one for the web server
itself, an additional webpage providing specific information.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 18, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Hoehlhubmer Expires May 18, 2014 [Page 1]
Internet-Draft Informational Add-on for HTTP over SSL/TLS Nov 2013
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Notation . . . . . . . . . . . . . . . . . . . 4
2. Implementing this Add-on . . . . . . . . . . . . . . . . . . 4
2.1. Implementing the DNS part . . . . . . . . . . . . . . . . . 5
2.1.1. Calculating the Hashes . . . . . . . . . . . . . . . . . 5
2.1.1.1. Calculating the Packed form . . . . . . . . . . . . . . 6
2.1.2. Arbitrary String Attribute Syntax . . . . . . . . . . . . 6
2.1.3. DNS-entry Namespace . . . . . . . . . . . . . . . . . . 7
2.2. Implementing the HTTP part . . . . . . . . . . . . . . . . 8
2.2.1. Webpage Content . . . . . . . . . . . . . . . . . . . . . 9
2.2.2. Formatting and Presenting the webpage . . . . . . . . . . 10
3. Verification Procedure for the DNS part . . . . . . . . . . . 10
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5. Security Considerations . . . . . . . . . . . . . . . . . . . 11
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 11
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . . 12
8.2. Informative References . . . . . . . . . . . . . . . . . . 12
9. Discussions . . . . . . . . . . . . . . . . . . . . . . . . . 15
A. Example certificates . . . . . . . . . . . . . . . . . . . . 16
A.1. The DER-encoded CA certificate . . . . . . . . . . . . . . 16
A.1.1. The CA's public key . . . . . . . . . . . . . . . . . . . 16
A.2. The DER-encoded SSL certificate . . . . . . . . . . . . . . 17
B. Script Examples for the Add-on webpage . . . . . . . . . . . 18
B.1. PHP-script . . . . . . . . . . . . . . . . . . . . . . . . 18
B.2. CGI-script: A BASH shell script . . . . . . . . . . . . . . 19
B.3. CGI-script: A compiled C program . . . . . . . . . . . . . 19
C. Sample Content of the Add-on webpage . . . . . . . . . . . . 22
C.1. A complete sample content . . . . . . . . . . . . . . . . . 22
C.1.1. ..., the client certificate part . . . . . . . . . . . . 23
C.2. Picking another cipher suite . . . . . . . . . . . . . . . 23
C.2.1. ..., and one more . . . . . . . . . . . . . . . . . . . 23
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24
1. Introduction
HTTP over TLS [HTTPTLS] is not limited to, e.g., electronic banking
sites. E-commerce sites also use this technology for encrypted
communication between their clients (users) and themselves.
A list of a few encryption algorithms:
(1) Advanced Encryption Standard (AES)
(2) Data Encryption Standard (DES, 3DES)
(3) Ron's Code 4 (RC4)
(4) ...
As an example, a list of some variants of the Camellia encryption
algorithm [CAMELLIA] (names taken from the OpenSSL help [OPENSSL]):
(1) CAMELLIA-128-CBC: 128-bit Camellia encryption in CBC mode
(2) CAMELLIA-128-ECB: 128-bit Camellia encryption in ECB mode
(3) CAMELLIA-192-CBC: 192-bit Camellia encryption in CBC mode
(4) CAMELLIA-192-ECB: 192-bit Camellia encryption in ECB mode
(5) CAMELLIA-256-CBC: 256-bit Camellia encryption in CBC mode
(6) CAMELLIA-256-ECB: 256-bit Camellia encryption in ECB mode
(7) ...
A list of possible secure layers used:
(1) The Secure Sockets Layer (SSL) Protocol:
(1a) Version 2.0 [SSLv2]
(1b) Version 3.0 [SSLv3]
(2) The Transport Layer Security (TLS) Protocol:
(2a) Version 1.0 [TLSv1.0]
(2b) Version 1.1 [TLSv1.1]
(2c) Version 1.2 [TLSv1.2]
A list of possible Ciphersuites for Transport Layer Security (TLS):
(1) Pre-Shared Key Cipher Suites [RFC4279]
(2) Elliptic Curve Cryptography (ECC) Cipher Suites [RFC4492]
(3) Pre-Shared Key Cipher Suites with NULL Encryption [RFC4785]
(4) AES Galois Counter Mode (GCM) Cipher Suites [RFC5288]
(5) DES and IDEA Cipher Suites [RFC5469]
(6) ECDHE_PSK Cipher Suites [RFC5489]
(7) Camellia Cipher Suites [RFC5932]
(8) ...
A list of possible Hashing Algorithms:
(1) the [MD2] Message-Digest Algorithm (historic, see [RFC6149])
(2) the [MD4] Message-Digest Algorithm (historic, see [RFC6150])
(3) the [MD5] Message-Digest Algorithm, commonly used in the past
(4) the US Secure Hash Algorithm 1 [SHA1]
(5) more US Secure Hash Algorithms [RFC6234]
(6) ...
Only the X.509 certificates [PKIX] are static; all other information
depends on the capabilities of the web browser used.
Not every browser allows you to view all of this information,
especially the cipher suite the browser has picked for use.
With most browsers you can view the X.509 certificates of the actual
session, but you have no direct way to check whether they are the
correct ones.
It is good practice to show this information on the website.
The X.509 certificates shown by the browser and those shown on this
Add-on webpage MUST match; in other words, if they do not match, a
man-in-the-middle attack is in progress.
To give the browser, a plug-in, or a stand-alone program the ability
to verify that the X.509 certificates are correct, the fingerprint
and/or hash of the X.509 certificates is stored in the Domain Name
System (DNS) [DNS-1,DNS-2] as arbitrary string attributes as
specified in [RFC1464].
1.1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Implementing this Add-on
This Add-on has two parts.
Section 2.1. describes the implementation of the necessary entries
in the Domain Name System (DNS).
Section 2.2. describes the implementation of the additional webpage.
2.1. Implementing the DNS part
2.1.1. Calculating the Hashes
For calculating the hashes use either [SHA1] or SHA-224, SHA-256,
SHA-384, or SHA-512 as specified in [RFC6234].
Take each X.509 certificate of the whole chain and calculate the
hash of the DER-encoded certificate.
The example certificates of Appendix A give these SHA-224 hashes
in hex:
CA: 00fcc1bb4d09a392f5729a0c1e1ed4247db6b21da1fca9bf6d218db4
SSL: eacbdc6c27cba4ecc87b4e953b56c6987d87430b682b1f13031b04de
and these SHA-512 hashes in hex:
CA: 6744023893a9a046e713b5615bcf1a267a41da13712f4eb964e496754bd9
43105a5a3a8b9b071dea25f90fa7aa9c877dcc2ec81a7c97b640b30dd350
83252078
SSL: df0dee228b19aa1eac6d2227d11cb243562058db5a4041b208ed7702869
98747ed7ba08026791961d338cb2063f3485ec9fe07d5631a8a1b1da340
25cb8962f5
Concatenate the binary form of the calculated hashes in the correct
order beginning at the root.
Generate the Base64 encoding [RFC4648] from the concatenated hashes.
This example gives the following Base64 from the concatenated
SHA-224 hashes:
APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0ML
aCsfEwMbBN4=
and from the SHA-512 hashes:
Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9
zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH
7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=
Due to the size limitations specified in [DNS-2] Section 2.3.4. and
the syntax specified in Section 2.1.2. below, this Base64-encoded
hash MUST NOT be longer than 214 octets.
This table shows when to use the packed form of calculation explained
in the next Section, 2.1.1.1.:
+-----------+--------------+
| Hashing | X.509 |
| algorithm | certificates |
+-----------+--------------+
| SHA-1 | 9 or more |
+-----------+--------------+
| SHA-224 | 6 or more |
+-----------+--------------+
| SHA-256 | 6 or more |
+-----------+--------------+
| SHA-384 | 4 or more |
+-----------+--------------+
| SHA-512 | 3 or more |
+-----------+--------------+
2.1.1.1. Calculating the Packed form
The calculation is the same, except that the binary form of the
concatenated hashes is hashed again using the SHA-512 algorithm.
Generate the Base64 encoding from this SHA-512 hash.
The example from the previous Section 2.1.1. has only two X.509
certificates, so there would be no need to pack them by hashing
again; the packed form is given here for illustration only.
The Base64 encoding of this packed SHA-512 hash is the following:
4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4
Ftl5nFcsta9rwMvsaQx/wg==
2.1.2. Arbitrary String Attribute Syntax
The syntax for a complete arbitrary string attribute, using the
ABNF notation and core rules of [RFC5234], is:
attribute    = DQUOTE attr-algo *SP
                      attr-count *SP
                      attr-hashes *SP
                      attr-packed DQUOTE
attr-algo    = "algo=" hash-algo ";"
attr-count   = "count=" cert-count ";"
attr-hashes  = "hashes=" cert-hashes ";"
attr-packed  = "packed=" packed-form ";"
hash-algo    = "sha1" / "sha224" / "sha256" / "sha384" / "sha512"
                      ; exactly one of the possible hashing
                      ; algorithms (ABNF literals are
                      ; case-insensitive, so "SHA224" is valid)
cert-count   = 1DIGIT ; number of X.509 certificates of
                      ; the whole certificates chain
cert-hashes  = base64string
                      ; base64 encoding of the certificates'
                      ; hashes
packed-form  = 1BIT   ; "0" non-packed base64 encoded hashes,
                      ; "1" packed base64 encoded hashes
base64string = 1*(ALPHA / DIGIT / "+" / "/") [ "=" [ "=" ] ]
separator    = %x3B   ; ";"
The example from Section 2.1.1. gives these:
"algo=SHA224; count=2; hashes=APzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSG
NtOrL3Gwny6TsyHtOlTtWxph9h0MLaCsfEwMbBN4=; packed=0;"
"algo=SHA512; count=2; hashes=Z0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOS
WdUvZQxBaWjqLmwcd6iX5D6eqnId9zC7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0i
J9EcskNWIFjbWkBBsgjtdwKGmYdH7XuggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJ
cuJYvU=; packed=0;"
"algo=SHA512; count=2; hashes=4iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJD
WyeKYk3RmUwS+nkuCXYXR6ED4iGy4Ftl5nFcsta9rwMvsaQx/wg==; packed=1;"
All three are valid. Using the non-packed form SHOULD be
preferred.
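The procedure of Sections 2.1.1 through 2.1.2 carried out in code, as an added example that is not part of the draft (the draft's own samples are the scripts of Appendix B). The function names and the constructed byte strings standing in for DER certificates are this example's own; it chooses the packed form by checking the 214-octet limit directly rather than via the table above.

```python
"""Build the _sslcert TXT attribute described in Sections 2.1.1 to 2.1.2.

Added example, not part of the draft.  A chain is a list of DER-encoded
certificates ordered root first; the hash functions do not look inside
the ASN.1 structure, so constructed byte strings are used below in
place of real DER certificates.
"""
import base64
import hashlib

# Hash algorithms permitted by Section 2.1.1 ([SHA1] and [RFC6234]).
ALGOS = ("sha1", "sha224", "sha256", "sha384", "sha512")

# Section 2.1.1: the Base64 string MUST NOT be longer than 214 octets.
MAX_B64_OCTETS = 214


def chain_hashes(algo, der_chain):
    """Concatenate the binary hash of every certificate, root first."""
    if algo not in ALGOS:
        raise ValueError("unsupported hash algorithm: %s" % algo)
    return b"".join(hashlib.new(algo, der).digest() for der in der_chain)


def packed_hash(concatenated):
    """Section 2.1.1.1: hash the concatenation once more with SHA-512."""
    return hashlib.sha512(concatenated).digest()


def encode_hashes(algo, der_chain, packed=False):
    """Base64 [RFC4648] of the (optionally packed) concatenated hashes."""
    raw = chain_hashes(algo, der_chain)
    if packed:
        raw = packed_hash(raw)
    return base64.b64encode(raw).decode("ascii")


def build_attribute(algo, der_chain):
    """Return the attribute text matching the ABNF of Section 2.1.2.

    The non-packed form is preferred (SHOULD); the packed form is used
    only when the non-packed Base64 string would exceed 214 octets.
    """
    if not 1 <= len(der_chain) <= 9:
        raise ValueError("cert-count is a single DIGIT: 1 to 9 certificates")
    packed = False
    hashes = encode_hashes(algo, der_chain, packed)
    if len(hashes) > MAX_B64_OCTETS:
        packed = True
        hashes = encode_hashes(algo, der_chain, packed)  # always 88 octets
    return "algo=%s; count=%d; hashes=%s; packed=%d;" % (
        algo.upper(), len(der_chain), hashes, int(packed))


def zone_record(host, attribute):
    """Zone-file line placing the attribute under the _sslcert label
    of Section 2.1.3 (www.example.com -> www._sslcert.example.com)."""
    label, _, domain = host.partition(".")
    return '%s._sslcert.%s. IN TXT "%s"' % (label, domain, attribute)


if __name__ == "__main__":
    # Constructed stand-ins for a two-certificate chain (root CA, server).
    chain = [b"constructed-root-ca-der", b"constructed-server-der"]
    for algo in ("sha224", "sha512"):
        print(zone_record("www.example.com", build_attribute(algo, chain)))
    # A three-certificate SHA-512 chain no longer fits and gets packed.
    print(build_attribute("sha512", chain + [b"constructed-intermediate-der"]))
```

Checking the encoded length directly is the safer rule: 160 octets of concatenated hashes (8 SHA-1 or 5 SHA-256 digests) already encode to 216 Base64 octets, one certificate short of the table's thresholds.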
2.1.3. DNS-entry Namespace
For this Add-on a subdomain named "_sslcert" is used.
INFORMATIVE OPERATIONAL NOTE: Wildcard DNS records (e.g.,
*._sslcert.example.com) are only used in connection with
wildcard X.509 certificates. Note also that wildcards within
domains (e.g., s._sslcert.*.example.com) are not supported by
the DNS.
The DNS entries for this example look like these:
; IPv4 address
www.example.com. IN A 192.0.2.1
; IPv6 address
www.example.com. IN AAAA 2001:db8::1
; X.509 certificates hashes, SHA-224
www._sslcert.example.com. IN TXT "algo=SHA224; count=2; hashes=A
PzBu00Jo5L1cpoMHh7UJH22sh2h/Km/bSGNtOrL3Gwny6TsyHtOlTtWxph9h0MLaC
sfEwMbBN4=; packed=0;"
; X.509 certificates hashes, SHA-512
www._sslcert.example.com. IN TXT "algo=SHA512; count=2; hashes=Z
0QCOJOpoEbnE7VhW88aJnpB2hNxL065ZOSWdUvZQxBaWjqLmwcd6iX5D6eqnId9zC
7IGnyXtkCzDdNQgyUgeN8N7iKLGaoerG0iJ9EcskNWIFjbWkBBsgjtdwKGmYdH7Xu
ggCZ5GWHTOMsgY/NIXsn+B9VjGoobHaNAJcuJYvU=; packed=0;"
; X.509 certificates hashes, SHA-512, packed
www._sslcert.example.com. IN TXT "algo=SHA512; count=2; hashes=4
iBTHcxpK4GG0thWbLaq9gQx2UmFDPI2DJDWyeKYk3RmUwS+nkuCXYXR6ED4iGy4Ft
l5nFcsta9rwMvsaQx/wg==; packed=1;"
2.2. Implementing the HTTP part
This Add-on is just one page of the website. Its content MUST be
completely generated on the server side. Using the Common Gateway
Interface [CGI1.1] is RECOMMENDED. There MUST exist at least one
relative reference to this page as defined in [RFC3986] Section 4.2.
For examples of doing so, see the sample scripts in Appendix B.
To see how this Add-on works, see [MYADDON].
2.2.1. Webpage Content
The following information MUST be given:
(1) The actual date and time
(2) The cipher specification name
(3) Number of cipher bits (actually used)
(4) Number of cipher bits (possible)
(5) The SSL Protocol version: SSLv2, SSLv3,
TLSv1.0, TLSv1.1, TLSv1.2, ...
(6) If cipher is an export cipher: false, true
(7) If secure renegotiation is supported: false, true
(8) Algorithm used for the public key of server's certificate
(9) Algorithm used for the signature of server's certificate
(10) Issuer DN of server's certificate
(11) Subject DN in server's certificate
(12) The serial of the server certificate
(13) The version of the server certificate
(14) Validity of server's certificate (start time)
(15) Validity of server's certificate (end time)
(16) Client certificate verification:
NONE, SUCCESS, GENEROUS or FAILED:reason
(17) SSL compression method negotiated: NULL when disabled
For connections where client X.509 certificates are used for
authentication, this information is RECOMMENDED:
(18) Algorithm used for the public key of client's certificate
(19) Algorithm used for the signature of client's certificate
(20) Issuer DN of client's certificate
(21) Subject DN in client's certificate
(22) The serial of the client certificate
(23) The version of the client certificate
(24) Validity of client's certificate (start time)
(25) Validity of client's certificate (end time)
(26) Number of days until client's certificate expires
This information MAY be given:
(27) The hex-encoded SSL session id
(28) Contents of the SNI TLS extension (if supplied with ClientHello)
This OPTIONAL information depends on the software used:
(29) The SSL-module program version: e.g. Apache mod_ssl version
(30) The SSL program version: e.g. OpenSSL version
See Appendix C for a sample content.
2.2.2. Formatting and Presenting the webpage
This information SHALL be presented simply; plain text is enough.
When using HTML, only relative references as defined in [RFC3986]
Section 4.2. MAY be used. It is RECOMMENDED to use only a subset
of [HTML2.0].
The actual date and time SHALL be formatted as specified in [RFC5322]
Section 3.3. The time MUST NOT differ by more than 5 seconds from
the real date/time.
Translating or sorting the order of this content is OPTIONAL.
3. Verification Procedure for the DNS part
When the web browser or a plug-in honors the additional DNS entries,
it SHOULD give a warning to the user:
(1) when it does not find the entry
(2) when the entry does not match
If the DNS entries were retrieved via [DNSSEC] instead of plain DNS,
the user MUST explicitly give permission to go further when one of
the two scenarios occurs.
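A client-side check implementing this section, added here as an example that is not part of the draft. It parses the TXT attribute with a regular expression derived from the ABNF of Section 2.1.2, recomputes the hashes over the chain the client actually received, and maps the outcome to the warn/permission behaviour above; the DNS lookup itself is out of scope, and the names verify_chain, decide and the constructed fixture chain are this example's own.

```python
"""Client-side check of Section 3 against the _sslcert TXT attribute.

Added example, not part of the draft.  The resolver step is out of
scope: the TXT strings found at <label>._sslcert.<domain> are passed
in, together with a flag saying whether they were DNSSEC-validated.
"""
import base64
import hashlib
import re

# Derived from the ABNF of Section 2.1.2: four fields, each closed by
# ";" and separated by optional spaces; case-insensitive like ABNF
# literals, so "SHA224" and "sha224" both match.
ATTRIBUTE_RE = re.compile(
    r"^algo=(?P<algo>sha1|sha224|sha256|sha384|sha512);\s*"
    r"count=(?P<count>[0-9]);\s*"
    r"hashes=(?P<hashes>[A-Za-z0-9+/]+={0,2});\s*"
    r"packed=(?P<packed>[01]);$",
    re.IGNORECASE,
)


def parse_attribute(text):
    """Split one TXT string into its fields; ValueError if malformed."""
    m = ATTRIBUTE_RE.match(text.strip().strip('"'))
    if not m:
        raise ValueError("not a valid _sslcert attribute")
    return {
        "algo": m.group("algo").lower(),
        "count": int(m.group("count")),
        "hashes": base64.b64decode(m.group("hashes"), validate=True),
        "packed": m.group("packed") == "1",
    }


def expected_hashes(algo, der_chain, packed):
    """Recompute Section 2.1.1 (and 2.1.1.1) over the received chain."""
    raw = b"".join(hashlib.new(algo, der).digest() for der in der_chain)
    return hashlib.sha512(raw).digest() if packed else raw


def verify_chain(txt_records, der_chain):
    """Return "ok", "mismatch" or "missing" for the received chain.

    Unrelated TXT strings at the same name are ignored; any usable
    attribute that matches is enough, since the operator may publish
    several (Section 2.1.2 allows all three sample forms at once).
    """
    seen = False
    for rec in txt_records:
        try:
            attr = parse_attribute(rec)
        except ValueError:
            continue
        seen = True
        if attr["count"] != len(der_chain):
            continue  # chain length differs: the entry does not match
        if attr["hashes"] == expected_hashes(attr["algo"], der_chain,
                                             attr["packed"]):
            return "ok"
    return "mismatch" if seen else "missing"


def decide(result, dnssec):
    """Map the result to Section 3: (action, permission_required).

    Plain DNS: the client SHOULD warn on a missing or mismatching entry.
    DNSSEC-validated entries: the user MUST give permission to proceed.
    """
    if result == "ok":
        return ("proceed", False)
    if dnssec:
        return ("block-until-permitted", True)
    return ("warn", False)


# Constructed fixture: a two-certificate chain and the TXT attribute its
# operator would have published for it (built as Section 2.1.1 describes).
SAMPLE_CHAIN = [b"constructed-root-ca-der", b"constructed-server-der"]
SAMPLE_TXT = "algo=SHA256; count=2; hashes=%s; packed=0;" % base64.b64encode(
    expected_hashes("sha256", SAMPLE_CHAIN, False)).decode("ascii")

if __name__ == "__main__":
    for chain in (SAMPLE_CHAIN, [SAMPLE_CHAIN[0], b"constructed-other-der"]):
        outcome = verify_chain([SAMPLE_TXT], chain)
        print(outcome, decide(outcome, dnssec=True))
```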
4. IANA Considerations
There are no requests for IANA actions in this document.
5. Security Considerations
When implementing the HTTP part as a popup window in the browser,
this information MUST also be available with an enabled popup-blocker.
The implementation MUST NOT use any scripts that run on the client
side, e.g. JavaScript.
There SHOULD also be no references to other websites inside this
Add-on page.
6. Acknowledgements
7. Recommendations
[DNSSEC] SHOULD be used for the DNS part.
Using a standardized URL for the HTTP part is RECOMMENDED,
for more see Discussions at Section 9.
8. References
8.1. Normative References
[DNS-1] Mockapetris, P., "Domain names - concepts and
facilities", STD 13, RFC 1034, November 1987.
[DNS-2] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[PKIX] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation
List (CRL) Profile", RFC 5280, May 2008.
8.2. Informative References
[CAMELLIA] Matsui, M., Nakajima, J., and S. Moriai, "A Description
of the Camellia Encryption Algorithm", RFC 3713,
April 2004.
[DNSSEC] Arends, R., Austein, R., Larson, M., Massey, D., and
S. Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005.
[HTTPTLS] Rescorla, E., "HTTP over TLS", RFC 2818, May 2000.
[CGI1.1] Robinson, D. and K. Coar, "The Common Gateway Interface
(CGI) Version 1.1", RFC 3875, October 2004.
[HTML2.0] Berners-Lee, T. and D. Connolly, "Hypertext Markup
Language - 2.0", RFC 1866, November 1995.
[MD2] Kaliski, B., "The MD2 Message-Digest Algorithm",
RFC 1319, April 1992.
[MD4] Rivest, R., "The MD4 Message-Digest Algorithm", RFC 1320,
April 1992.
[MD5] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[SHA1] Eastlake 3rd, D. and P. Jones, "US Secure Hash
Algorithm 1 (SHA1)", RFC 3174, September 2001.
[SSLv2] Hickman, K., "The SSL Protocol", Netscape
Communications Corp., February 9, 1995.
[SSLv3] Freier, A., Karlton, P., and P. Kocher, "The Secure
Sockets Layer (SSL) Protocol Version 3.0", RFC 6101,
August 2011.
[TLSv1.0] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
RFC 2246, January 1999.
[TLSv1.1] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.1", RFC 4346, April 2006.
[TLSv1.2] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[OPENSSL] OpenSSL Cryptography and SSL/TLS Toolkit at
http://www.openssl.org/
[RFC1464] Rosenbaum, R., "Using the Domain Name System To Store
Arbitrary String Attributes", RFC 1464, May 1993.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005.
[RFC4279] Eronen, P., Ed., and H. Tschofenig, Ed., "Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)",
RFC 4279, December 2005.
[RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and
B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher
Suites for Transport Layer Security (TLS)", RFC 4492,
May 2006.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006.
[RFC4785] Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK)
Ciphersuites with NULL Encryption for Transport Layer
Security (TLS)", RFC 4785, January 2007.
[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for
Syntax Specifications: ABNF", STD 68, RFC 5234,
January 2008.
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
August 2008.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
October 2008.
[RFC5469] Eronen, P., Ed., "DES and IDEA Cipher Suites for
Transport Layer Security (TLS)", RFC 5469, February
2009.
[RFC5489] Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for
Transport Layer Security (TLS)", RFC 5489, March 2009.
[RFC5932] Kato, A., Kanda, M., and S. Kanno, "Camellia Cipher
Suites for TLS", RFC 5932, June 2010.
[RFC6149] Turner, S. and L. Chen, "MD2 to Historic Status",
RFC 6149, March 2011.
[RFC6150] Turner, S. and L. Chen, "MD4 to Historic Status",
RFC 6150, March 2011.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash
Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234,
May 2011.
[MYADDON] A working implementation of this Add-on on my website at
https://ssl.mathemainzel.info/sslinfo/
9. Discussions
It would be good to have a standardized URL for this Add-on webpage;
e.g. https://www.example.com/sslinfo/
Placing an Absolute URI as defined in [RFC3986] Section 4.3.
outside the encrypted website part is RECOMMENDED.
A. Example certificates
A.1. The DER-encoded CA certificate
This section contains the full, DER-encoded certificate, in hex.
A.1.1. The CA's public key
This section contains the DER-encoded public RSA key of the CA who
signed the example SSL certificate. It is included with the purpose
of simplifying verifications of the example certificate.
A.2. The DER-encoded SSL certificate
This section contains the full, DER-encoded certificate, in hex.
B. Script Examples for the Add-on webpage
Use the following script examples as a template for your
implementation of this Add-on webpage.
The first two examples generate identical content in plain
ASCII text; the third example makes use of HTML and is a
compiled C program.
Script Examples:
B.1. PHP-script
B.2. CGI-script: A BASH shell script, for most Linux systems
B.3. CGI-script: A compiled C program, for any other system
B.1. PHP-script
<CODE BEGINS>
<?php
header( "Content-type: text/plain" );
print "SSL informations: " . date( "r" ) . "\r\n";
print "================\r\n\r\n";
if ( isset( $_SERVER['HTTPS'] ) && ( $_SERVER['HTTPS'] == "on" ) ) {
    $list = array( );
    $nmbrOfValues = 0;
    foreach ( $_SERVER as $key => $value ) {
        if ( substr( $key, 0, 4 ) == "SSL_" ) {
            $list[ $nmbrOfValues++ ] = $key . "=" . $value;
        }
    }
    sort( $list ); // sort content before printing ...
    for ( $iter = 0; $iter < $nmbrOfValues; $iter++ ) {
        print $list[ $iter ] . "\r\n";
    }
}
else {
    echo "No SSL information available.\r\n";
}
?>
<CODE ENDS>
B.2. CGI-script: A BASH shell script, for most Linux systems
<CODE BEGINS>
#!/bin/bash
# The SSL_* variables are exported by Apache mod_ssl only when
# "SSLOptions +StdEnvVars" is enabled for this script's location.
echo -e -n "Content-type: text/plain\n\n"
echo -e -n "SSL informations: $(date --rfc-2822)\n"
echo -e -n "================\n\n"
if [ "$HTTPS" == "on" ]; then
    env | grep --regexp="^SSL_" | sort
else
    echo -e -n "No SSL information available.\n"
fi
<CODE ENDS>
B.3. CGI-script: A compiled C program, for any other system
This CGI script is a compiled C program and, in comparison to the
other two examples, it makes use of HTML.
Any C compiler SHOULD be suitable for compiling this program. Be
sure your runtime supports the function strftime with the standard
format specifiers.
<CODE BEGINS>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef __linux__
#include <unistd.h>
#endif

const char* pszHtmlEndPart[ ] = { "<HR>",
    "<ADDRESS>https at www.example.com Port 443</ADDRESS>",
    "</BODY>",
    "</HTML>" };

const char* pszHtmlBeginPart[ ] = {
    "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">",
    "<HTML>",
    "<HEAD>",
    "<TITLE>SSL informations</TITLE>",
    "</HEAD>",
    "<BODY>",
    "<H3>SSL informations</H3>" };

/* function prototype used for sorting */
int compareFunc( const void* pvd1, const void* pvd2 );

/* prints a value with the HTML metacharacters escaped: the SSL_*
   values partly originate from the peer (e.g. the subject DN of a
   client certificate), so they must never reach the page as markup */
void printHtmlEscaped( const char* psz );

int main( int argc, char* argv[ ], char** envp )
{   /* char* envp[ ] */
    char** ppszContent;
    char** ppsz;
    char* psz;
    char szDateTime[ 80 ];
    int i, nCount;
    time_t tnow = time( NULL );
    struct tm* tmnow = localtime( &tnow );

    /* date and time formatted as in [RFC5322] Section 3.3. */
    strftime( szDateTime, sizeof( szDateTime ) - 4,
              "%a, %d %b %Y %H:%M:%S %z", tmnow );
    printf( "Content-type: text/html; charset=ISO-8859-1\r\n\r\n" );
    nCount = sizeof( pszHtmlBeginPart ) / sizeof( char* );
    for ( i = 0; i < nCount; i++ )
        printf( "%s\r\n", pszHtmlBeginPart[ i ] );
    printf( "<B>SSL informations</B>: %s\r\n", szDateTime );
    printf( "<P>\r\n" );
    if ( ( psz = getenv( "HTTPS" ) ) && ( strcmp( psz, "on" ) == 0 ) )
    {
        /* count relevant values ... */
        ppsz = envp;
        nCount = 0;
        while ( ppsz && *ppsz )
        {
            if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
                nCount++;
            ppsz++;
        }
        /* allocate memory; calloc( 0, ... ) may return NULL, so
           allocate at least one slot when no SSL_* value was found */
        ppszContent = (char**) calloc( nCount > 0 ? nCount : 1,
                                       sizeof( char* ) );
        if ( ppszContent )
        {
            /* extract relevant values from environment ... */
            i = 0;
            ppsz = envp;
            while ( ppsz && *ppsz )
            {
                if ( strncmp( *ppsz, "SSL_", 4 ) == 0 )
                    *( ppszContent + i++ ) = *ppsz;
                ppsz++;
            }
            /* sort content */
            qsort( (void*) ppszContent, nCount, sizeof( char* ),
                   compareFunc );
            printf( "<CODE>\r\n" );
            /* output sorted content, escaped for HTML */
            for ( i = 0; i < nCount; i++ )
            {
                printHtmlEscaped( *( ppszContent + i ) );
                printf( "<BR>\r\n" );
            }
            printf( "</CODE>\r\n" );
            /* free up memory */
            free( (void*) ppszContent );
        }
        else
            printf( "Internal error (unable to allocate memory).\r\n" );
    }
    else
        printf( "No SSL information available.\r\n" );
    nCount = sizeof( pszHtmlEndPart ) / sizeof( char* );
    for ( i = 0; i < nCount; i++ )
        printf( "%s\r\n", pszHtmlEndPart[ i ] );
    return 0;
}

/* comparison function for sorting */
int compareFunc( const void* pvd1, const void* pvd2 )
{
    return strcmp( *( (const char* const*) pvd1 ),
                   *( (const char* const*) pvd2 ) );
}

/* HTML escaping of the four characters that could start markup */
void printHtmlEscaped( const char* psz )
{
    for ( ; *psz; psz++ )
    {
        switch ( *psz )
        {
        case '<':  fputs( "&lt;", stdout );   break;
        case '>':  fputs( "&gt;", stdout );   break;
        case '&':  fputs( "&amp;", stdout );  break;
        case '"':  fputs( "&quot;", stdout ); break;
        default:   putchar( *psz );           break;
        }
    }
}
<CODE ENDS>
C. Sample Content of the Add-on webpage
The first example shows a complete sample content in sorted order.
The second example shows the client certificate part, in case client
certificate authentication is used.
The other two examples show only the part that may differ when the
browser picks another cipher suite.
For the meaning of the numbers in brackets in the examples see
Section 2.2.1.
C.1. A complete sample content
C.1.1. ..., the client certificate part
C.2. Picking another cipher suite
C.2.1. ..., and one more
C.1. A complete sample content
SSL informations: Thu, 01 Jan 1970 00:00:00 +0000 (1)
================
SSL_CIPHER=AES256-SHA (2)
SSL_CIPHER_ALGKEYSIZE=256 (4)
SSL_CIPHER_EXPORT=false (6)
SSL_CIPHER_USEKEYSIZE=256 (3)
SSL_CLIENT_VERIFY=NONE (16)
SSL_COMPRESS_METHOD=NULL (17)
SSL_PROTOCOL=TLSv1 (5)
SSL_SECURE_RENEG=true (7)
SSL_SERVER_A_KEY=rsaEncryption (8)
SSL_SERVER_A_SIG=sha1WithRSAEncryption (9)
SSL_SERVER_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA (10)
SSL_SERVER_I_DN_C=-- (10)
SSL_SERVER_I_DN_CN=Root CA (10)
SSL_SERVER_I_DN_O=SomeOrg (10)
SSL_SERVER_I_DN_OU=SomeOrgUnit (10)
SSL_SERVER_M_SERIAL=01 (12)
SSL_SERVER_M_VERSION=3 (13)
SSL_SERVER_S_DN=/C=--/CN=www.example.com (11)
SSL_SERVER_S_DN_C=-- (11)
SSL_SERVER_S_DN_CN=www.example.com (11)
SSL_SERVER_V_END=Dec 31 23:59:59 1970 GMT (15)
SSL_SERVER_V_START=Jan 01 00:00:00 1970 GMT (14)
SSL_SESSION_ID=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF (27)
SSL_TLS_SNI=www.example.com (28)
SSL_VERSION_INTERFACE=mod_ssl/2.2.15 (29)
SSL_VERSION_LIBRARY=OpenSSL/1.0.0-fips (30)
C.1.1. ..., the client certificate part
...
SSL_CLIENT_A_KEY=rsaEncryption (18)
SSL_CLIENT_A_SIG=sha1WithRSAEncryption (19)
SSL_CLIENT_I_DN=/C=--/O=SomeOrg/OU=SomeOrgUnit/CN=Root CA (20)
SSL_CLIENT_I_DN_C=-- (20)
SSL_CLIENT_I_DN_CN=Root CA (20)
SSL_CLIENT_I_DN_O=SomeOrg (20)
SSL_CLIENT_I_DN_OU=SomeOrgUnit (20)
SSL_CLIENT_M_SERIAL=02 (22)
SSL_CLIENT_M_VERSION=3 (23)
SSL_CLIENT_S_DN=/CN=Name/emailAddress=name@example.com (21)
SSL_CLIENT_S_DN_CN=Name (21)
SSL_CLIENT_S_DN_Email=name@example.com (21)
SSL_CLIENT_VERIFY=SUCCESS (16)
SSL_CLIENT_V_END=Dec 31 23:59:59 1970 GMT (25)
SSL_CLIENT_V_REMAIN=365 (26)
SSL_CLIENT_V_START=Jan 01 00:00:00 1970 GMT (24)
...
C.2. Picking another cipher suite
...
SSL_CIPHER=RC4-MD5
SSL_CIPHER_ALGKEYSIZE=128
SSL_CIPHER_EXPORT=false
SSL_CIPHER_USEKEYSIZE=128
...
SSL_PROTOCOL=SSLv3
SSL_SECURE_RENEG=false
...
C.2.1. ..., and one more
...
SSL_CIPHER=AES128-SHA256
SSL_CIPHER_ALGKEYSIZE=128
SSL_CIPHER_EXPORT=false
SSL_CIPHER_USEKEYSIZE=128
...
SSL_PROTOCOL=TLSv1.2
SSL_SECURE_RENEG=true
...
Author's Address
Walter Hoehlhubmer
Lederergasse 47a
A-4020 Linz
Austria, EUROPE
EMail: walter.h@mathemainzel.info