Maximizing Performance with SPDY & SSL

Billy Hoffmanbilly@zoompf.com @zoompf

What is SPDY?

Massive Browser Support

Massive Server Support

Cast of Characters

• TCP• HTTP• SSL• X.509 Certificate• Cryptography (asymmetric & symmetric) • SPDY

HTTP/HTTPS

HTTP/SPDY/SSL Sandwich

• SPDY encapsulates HTTP requests– Single Multiplexed stream

• Transmits contents over SSL channel

Today’s Focus

• Setting the Stage for SPDY– Can speak SSL with a server– Can create a valid SSL connection– Client and Server agree to use SPDY

• Optimizing SPDY– Optimizing SSL– Optimizing SPDY– Avoiding optimizations that hurt SPDY

• Tools to help

SETTING THE STAGE FOR SPDY

SSL Connectivity

• Hostname resolves• IP is reachable• Web server is listening on SSL port• Web server understands SSL• Web server knows which site you want

– Shared Hosting and SNI

Listener on 443 is speaking SSL?

Creating a Valid SSL connection

• Agreement on crypto algorithms

• X.509 certificate is valid

X.509 Cert: Correct Domain?

X.509 Cert: Valid Time Period?

X.509 Cert: Is it Trusted?

X.509 Cert: Is it Trusted?

• Do I trust the issuer?– If not, was it signed by someone I trust?

• Has it been revoked?– CRL lists– Online Certificate Status Protocol (OCSP)

Agreeing to Use SPDY

• Client tells server it supports SPDY• Server tells client it supports SPDY• Client sends SPDY over SSL• Else, falls back to HTTP over SSL

SSL Handshake

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

Announcing SPDY support in the SSL Handshake

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

+ Ext:13172/AL

PN

+ NPN/ALPN

+ Ext:13172/ALPN

ClientHello with Extension 13172

ServerHello with NPN

Review: Speaking SPDY

• Client resolves and connects to SSL port• Client announces SPDY support inside

ClientHello • Server announces SPDY support in

ServerHello• Client validates X.509 cert, finalized SSL

connection• SPDY conversation happens

OPTIMIZING SSL/SPDY

The SSL Tarpits

• SSL handshake requires 2 round trips• Certificates can be large• Certificates need to be validated• Keys can be too large• Algorithms can be slow

The SSL Handshake is Costly!

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

Resume SSL Session

• Avoid regenerating keys• Avoid unneeded trips• 2 methods

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

• Both sides keep state/cache• Reuse based on id• Widely supported

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

sessionid: 3a8a…

Big cache of all ids given

out, and associated

keys/ciphers

Session Identifiers

• Client stores “Magic Ticket”• RFC 5077, optional• No IIS support

Microsoft Technet: Host TLS/SSL Workshttp://bit.ly/16Zx0en

Encrypted summary of keys/ciphers, signed by

server

Verifies summary is valid, uses

values

Session Tickets

SSL False Start

False Start: Not Gone

• “The Failure of False Start”• Chrome still does it!

– Desktop and mobile• Any server that supports NPN! (with

forward secure)– Any server with SPDY support…– Or SSL + NPN, but only announces HTTP/1.1!

Minimize the Certificate Chain

OCSP Validation causes delays

OCSP Stapling

• Good in theory, bad in practice• Browsers are moving away from OSCP

Oversized Asymmetric Keys

• 1024 is fine• 2048 for banks• Anything more is

overkill

Cipher Order/Choice Matters

• RC4 is the best• Unless on a

machine with AES-NI– Intel i7, Xeons,

some AMD– Not most virtual

machines!!!• First match wins

http://zombe.es/post/4078724716

Is SSL really helping you?

• SSL doesn’t “secure” your website– Prevents eavesdropping, tampering– Not XSS, CSRF, SQL Injection, Unpatched/out-

of-date software, RCE, LFI, etc.• Consider: NULL-MD5, NULL-SHA• SSL with no encryption

“Does this really matter?”

• Seriously?• 1024 more bytes in key?• 2 more kilobytes in the X.509 cert?• Accidently using AES-256?• Really?

“Does this really matter?”

OMG WTF MS?

SPDY Optimization

• SPDY only works over SSL• Ensure that all your traffic if over SSL• HTTP 301 direct for http: to https:

– Add a cache-control header!• HTTP Strict Transport Security (HSTS)

– Like the browser’s cache, but for protocol access. Make (semi) far future

– Wide support (>90% of SPDY capable browsers)

Avoid These Optimizations

• Domain Sharding– Hack to request multiplexing, not needed– Hurts SPDY by spreading requests out

• JavaScript CDNs– These are a horrible blight on the web!– http://statichtml.com/2011/google-ajax-

libraries-caching.html– https://github.com/h5bp/html5-boilerplate/

pull/1327

TOOLS

SSL Labs

SPDYCheck.org

Now on Github, GPL licensed!

SSL/SPDY Optimization Check List

• Website responds over SSL/443• Website has NPN extension (even without

SPDY for False Start)• X.509 certificate is valid• X.509 chain is short• SSL Asymmetric keys are <= 2048• Cipher is RC4 (or AES-128 if supports

dedicated instructions)

SSL/SPDY Optimization Check List

• SSL session resumption is enabled (both identifiers and tickets)

• No SSL compression• Website is using latest version of SPDY• HTTP permanently (301) redirects to

HTTPS (including cache header)• HTTPS sends HTTP Strict Transport

Security header

Great Resources

• Ivan Ristic (blog.ivanristic.com)• Adam Langley (www.imperialviolet.org)• Mark Nottingham (www.mnot.net/blog/)

• Qualys SSL Labs (ssllabs.com)• SPDYCheck (spdycheck.org)

Free Performance Assessmentzoompf.com/free

Maximizing Performance with SPDY & SSL

Billy Hoffmanbilly@zoompf.com @zoompf