Beruflich Dokumente
Kultur Dokumente
White Paper
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chain Building . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
End-entity Certificate Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Intermediate Certificate Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Introduction
SSL/TLS is a core enabling technology that is critical for securing communications.
For more than a decade, SSL has provided a solid, stable platform for ensuring
security and trust online, enabling the growth of e-commerce and other industries.
SSL is a fundamentally sound technology that provides confidentiality,
authentication, and integrity. The most significant challenge facing the SSL
ecosystem is not a technological flaw or limitation, but rather the way it is being
implemented and the practices around it.
Several University researchers have recently published reports indicating
widespread errors and shortcomings in non-browser applications that act as the
client of an SSL/TLS connection. These issues result from flawed implementations
of SSL in the applications or in SDKs or APIs used by the applications. This is
an issue that needs to be addressed because today more and more services are
offered through non-browser application interfaces. Often but not always these
applications are designed for use on mobile devices. As mobile device adoption
increases, the use of these applications will increase and thus the impact of these
security implementation shortcomings will grow as well.
This paper lists necessary steps to take to create a stronger, more trustworthy
SSL implementation. All SSL Client non-browser applications should follow
all the practices in this document to ensure the high level of authentication,
confidentiality and integrity promised by SSL are achieved.
Chain Building
During the SSL handshake, the server will return one or more certificates to the
client to build a chain of trust. Dont assume that the certificates for this chain are
returned in any particular order. Misconfigured web servers may also return more
certificates than necessary to build a chain, or they may fail to return certificates
that are needed to build a chain. If a certificate contains a caIssuers entry in
its authorityInfoAccess extension, that entry will indicate a protocol and
location where you can obtain the issuing certificate. This information may help
you locate certificates in the chain that are not returned by the server.
Note: If a self-signed root certificate (defined as a certificate whose Issuer Name
is the same as its Subject Name) is returned by the server, it should be ignored. No
certificate should be trusted simply because the server returns it.
Try to build a certificate chain to determine which certificate is the end-entity
SSL certificate. The chain can be built either with authorityKeyIdentifier/
subjectKeyIdentifier (AKI/SKI) extension values (the AKI value in a
certificate should match the SKI value in the certificate that signed it), or with
Issuer Distinguished Name / Subject Distinguished Name values (the Issuer
Distinguished Name value in a certificate should match the Subject Distinguished
Name value in the certificate that signed it).
2. The current date/time must be greater than the notBefore time in the
certificate, and less than the notAfter time in the certificate. Note that date/
times are represented in GMT. If you cant be sure that your application has an
accurate time source, you may wish to err on the side of caution and accept a
certificate that will not be valid for a few more days, or has just expired in the
last few days.
3. If the certificate contains a basicConstraints extension, the cA flag must be set
to false and the pathLenConstraint must be set to 0.
4. If the certificate contains a keyUsage extension, the digitalSignature
and keyEncipherment bits must be set.
5. If a particular policy is expected, check that it appears in the
certificatePolicies extension.
6. If the certificate contains an extKeyUsage extension, the extension value
must be either the special anyExtendedKeyUsage value, or if it contains
special purpose OIDs, then id-kp-serverAuth must be included.
7. The certificate must contain the crlDistributionPoints extension or the
authorityInfoAccess extension with an AccessMethod value of idad-ocsp. The status of the certificate can be verified by checking CRL, OCSP,
or both (fallback from one method to the other). Verification must result in a
positive determination that the certificate has not been revoked. If the client
application caches CRLs or OCSP responses, these may be used until their
validity end date instead of making another request for a CRL or OCSP response.
8. If any other extension is marked critical, the application must be able to
recognize and understand the value of the extension. The certificate must
be rejected if it contains any critical extensions that the application does
not recognize.
Intermediate Certificate Checks
When comparing strings extracted from certificates, note that they are represented
in the certificate as a byte length, followed by that number of bytes. Do not
assume that the string is null-terminated. Also note that strings may be encoded in
different types, including UTF-8.
For each intermediate CA certificate in the chain, up to and including the
trusted intermediate certificate (if the intermediate is your trust point), perform
these checks:
1. The current date/time must be greater than the notBefore time in the
certificate, and less than the notAfter time in the certificate. Note that date/
times are represented in GMT. If you cant be sure that your application has an
accurate time source, you may wish to err on the side of caution and accept a
certificate that will not be valid for a few more days, or has just expired in the
last few days.
2. The certificate must contain a basicConstraints extension, with the cA flag set
to true.
3. The certificate must contain a keyUsage extension, with the keyCertSign
bit set.
More Information
Visit our website
http://www.symantec.com/ssl
To speak with a Product Specialist in the U.S.
1-866-893-6565 or 1-650-426-5112
To speak with a Product Specialist outside the U.S.
For specific country offices and contact numbers, please visit our website.
About Symantec
Symantec protects the worlds information and is the global leader in security,
backup, and availability solutions. Our innovative products and services protect
people and information in any environment from the smallest mobile device to
the enterprise data center to cloud-based systems. Our industry-leading expertise
in protecting data, identities, and interactions gives our customers confidence
in a connected world. More information is available at www.symantec.com or by
connecting with Symantec at: go.symantec.com/socialmedia.
Symantec World Headquarters
350 Ellis Street
Mountain View, CA 94043 USA
1-866-893-6565
www.symantec.com
Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
UID: 131/10/13