How SSL Works

Recently, there was a bit of a discussion in the office on how SSL works. I think this stems from SSL (OpenSSL) being one of the most sparsely documented libraries in the open source world. Hopefully this will help someone, and also serve to remind me next time I want to fix things.

Basics

The following presumes you have public-key crypto knowledge. To set up the secure channel, the steps are as follows:

  1. Client connects to the SSL server
  2. SSL server sends the client its cert
  3. Client randomly generates a key, encrypts it with the public key in the server’s cert, and sends it to the server. Since it is encrypted, only the server and the client know this key.
  4. Server gets the client’s key and encrypts the rest of the data with that key

In this scenario, there is one loophole: how do you know the server sending you the cert is valid? A bad guy on the internet can intercept the data stream and give you his own cert, creating a man-in-the-middle attack.

To solve this problem, SSL uses signed certs. The cert that the server has is signed by another cert (typically called a Certification Authority, CA). This CA cert can in turn be signed by yet another cert, and so on. So how do we verify the top-level certs (those that sign everybody else)? These certs are installed in the client’s browser/OS. Since the client trusts its browser and OS, the chain of trust can extend down to the server cert.

Verifying Certificate

You can verify a certificate using openssl on Linux.
$ openssl s_client -connect www.comp.nus.edu.sg:443
CONNECTED(00000003)
depth=0 serialNumber = fqi84NUg7JCvWph5RiPhVWj76ujT39uq, C = SG, O = *.comp.nus.edu.sg, OU = GT21833570, OU = See http://www.rapidssl.com/resources/cps (c)10, OU = Domain Control Validated - RapidSSL(R), CN = *.comp.nus.edu.sg
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 serialNumber = fqi84NUg7JCvWph5RiPhVWj76ujT39uq, C = SG, O = *.comp.nus.edu.sg, OU = GT21833570, OU = See http://www.rapidssl.com/resources/cps (c)10, OU = Domain Control Validated - RapidSSL(R), CN = *.comp.nus.edu.sg
verify error:num=27:certificate not trusted
verify return:1
depth=0 serialNumber = fqi84NUg7JCvWph5RiPhVWj76ujT39uq, C = SG, O = *.comp.nus.edu.sg, OU = GT21833570, OU = See http://www.rapidssl.com/resources/cps (c)10, OU = Domain Control Validated - RapidSSL(R), CN = *.comp.nus.edu.sg
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/serialNumber=fqi84NUg7JCvWph5RiPhVWj76ujT39uq/C=SG/O=*.comp.nus.edu.sg/OU=GT21833570/OU=See http://www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.comp.nus.edu.sg
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/serialNumber=fqi84NUg7JCvWph5RiPhVWj76ujT39uq/C=SG/O=*.comp.nus.edu.sg/OU=GT21833570/OU=See http://www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.comp.nus.edu.sg
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1744 bytes and written 353 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: 046976837AFB333337300D2AE0CFA9BFB92ACB262857F98632E1F4327A5D5A73
Session-ID-ctx:
Master-Key: C5038788C147F16260760064E379BE5B948CB3E65D33EBC0B99110D92DE4FCB7F6E86BD26FF3FB75589FA915EE578A12
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1332384818
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)

You can see from the Certificate chain section of the output that the server returned one cert. From the last line, we are not able to verify the cert. This is because we didn’t give openssl the directory of top-level certs to verify against. On Ubuntu, the certs are at /etc/ssl/certs/.

$ openssl s_client -CApath /etc/ssl/certs/ -connect www.comp.nus.edu.sg:443
<snip>
Verify return code: 0 (ok)

Single Root

In our example above, we can see that the server cert is signed by a root CA (“Equifax Secure Certificate Authority”). This is what we call a “Single Root” cert. In the last few years, single root certs have become less common, and most certs that you buy are chained certs (server cert signed by an intermediate cert, which is in turn signed by a root cert). This is the confusing part for many sysadmins. Instead of just installing a server cert, a sysadmin now has to install both the server cert and all the intermediate certs, to ensure that the chain of trust can be verified. An example of this is:

$ openssl s_client -connect mysoc.nus.edu.sg:443
<snip>
Certificate chain
0 s:/C=SG/ST=Singapore/L=Kent Ridge/O=National University of Singapore - School of Computing/OU=Webserver Team/CN=mysoc.nus.edu.sg
i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
2 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA

You can see that the server now returns 3 certs. (0) is the server cert, which is signed by (2), which is in turn signed by (1).

If only the server cert is installed, then you will only be able to see 1 certificate here, and the chain of trust will fail!
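The chain of trust and the (0), (2), (1) signing order can be traced offline from the s:/i: lines alone. The Python below is an added example, not part of the original post: it follows issuer names from cert (0) upward and reports whether the walk ends at a trusted root, for the full chain and for the case where only the server cert is installed. The names parse_chain, walk_chain and TRUSTED_ROOTS are hypothetical, and TRUSTED_ROOTS is a constructed stand-in for /etc/ssl/certs/.

```python
import re

# Chain lines copied from the mysoc.nus.edu.sg output above.
SAMPLE = """\
 0 s:/C=SG/ST=Singapore/L=Kent Ridge/O=National University of Singapore - School of Computing/OU=Webserver Team/CN=mysoc.nus.edu.sg
   i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
 1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
 2 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
"""
# Assumption: stand-in for the client's trust store (/etc/ssl/certs/),
# holding only the root that issued cert (1).
TRUSTED_ROOTS = {"/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com"}


def parse_chain(text):
    """Return [(index, subject, issuer), ...] from 'N s:' / 'i:' line pairs."""
    certs = []
    for line in text.splitlines():
        subj = re.match(r"\s*(\d+) s:(.+)", line)
        iss = re.match(r"\s*i:(.+)", line)
        if subj:
            certs.append([int(subj.group(1)), subj.group(2).strip(), None])
        elif iss and certs:
            certs[-1][2] = iss.group(1).strip()
    return [tuple(c) for c in certs]


def walk_chain(certs, trusted_roots):
    """Follow issuer names upward from cert 0.

    Returns (order, trusted, last_issuer). Only names are compared; the
    signature checks are left to openssl itself.
    """
    by_subject = {subject: (idx, issuer) for idx, subject, issuer in certs}
    idx, _, issuer = certs[0]
    order = [idx]
    while issuer not in trusted_roots:
        nxt = by_subject.get(issuer)
        if nxt is None or nxt[0] in order:   # issuer was not sent, or a loop
            return order, False, issuer
        order.append(nxt[0])
        issuer = nxt[1]
    return order, True, issuer


if __name__ == "__main__":
    full = parse_chain(SAMPLE)
    print(walk_chain(full, TRUSTED_ROOTS))      # all three certs installed
    print(walk_chain(full[:1], TRUSTED_ROOTS))  # only the server cert installed
```

When the walk stops early, the returned issuer name is the intermediate cert that still has to be installed on the server.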

In summary, always check your certs after installing. You can also check them easily using web tools, e.g. http://www.sslshopper.com/ssl-checker.html
