Modern networking for PHP developers Dutch PHP conference 2015 IPv6, SSL, SPDY & HTTP/2 Marcus Bointon Technical director, Synchromedia Limited & Smartmessages.net


Modern networking for PHP developers Dutch PHP conference 2015

IPv6, SSL, SPDY & HTTP/2

Marcus Bointon Technical director, Synchromedia Limited & Smartmessages.net

SSL

IPv6

SPDY & HTTP/2

There's a lot to cover, so this will be a bit of a whirlwind tour!

IPv6

Starting at the bottom of the stack. How many of you are using IPv6 already? How many of you have deployed IPv6-only servers?

We're all familiar with IPv4, which has formed the foundation of the internet since 1978. IPv4 has served us very well, but it's showing its age and has various shortcomings, one of which is rapidly becoming a problem. The IETF was well aware where this was going, and set about designing a replacement, and IPv6 was finally ratified in 1998. Yes, 1998! You're not as bleeding edge as you might have thought!

Dutch PHP Conference 2015 Marcus Bointon

IPv6 Features

• Streamlined protocol headers - bigger but simpler

• Stateless autoconfiguration

• Built-in security (IPSec)

• Jumbograms

• Unicast / Multicast / Anycast

• More stuff that you don’t need to care about…

• 128-bit addresses

Protocol headers were made simpler to improve router efficiency - smaller routing tables.

Stateless autoconfiguration means devices can self-assign addresses without fear of clashes and find gateways automatically; DHCP6 is more flexible.

IPSec support is built in.

Jumbograms reduce overhead on large transfers - up to 4Gb in a packet.

Various ways of telling it to distribute packets to one or more addresses in a group. Anycast is something like a built-in CDN.

Loads more stuff that's all buried in your stack that, as a PHP dev, you don't need to care about.

But the big, big thing you do need to know is that it replaces IPv4's 32-bit addresses with 128-bit addresses. If you don't think in binary, you might be thinking - that's only 4 times bigger, surely we need more than that?

128 bits is…

340,282,366,920,938,463,463,374,607,431,768,211,456

10^34 is a very, very big number: 340 billion billion billion billion.


So how big is that?

• If you used a 0.25mm pixel to display each available address, how big an area would you need to display them all?

• IPv4: about the size of a tennis court

• IPv6: 100,000 times the size of the solar system

It's hard to get a grip on how big a number that is, so let's relate it to something we might be able to comprehend.

OK, so maybe that's not so easy to comprehend either, but at least you get the idea that it's very, very big. If it's any consolation, it's much less than the number of ways you can order a pack of cards (10^67)!


IPv6 Address Allocation

• Just like IPv4, but bigger

• Your ISP will probably give you a /64 subnet

• So you have 4 billion internets to pick your own addresses from!

• Great for virtual hosting, SSL, docker containers

ISPs are allocated address blocks in much the same way as for IPv4, and they will allocate them to you in a similar way, but instead of being given, say, 1 IP per server, they can afford to be a bit more generous and assign you whole net blocks from which you can choose your own addresses.

Security benefit: with so many addresses, address scanning becomes useless.


IPv6 Notation

• We’ve got very used to IPv4’s decimal dotted-quad pattern: 192.168.0.1

• That’s just not practical for IPv6

• Hexadecimal for greater density

• Colons to delimit 16-bit chunks

• Square brackets to wrap

• [2001:0000:0000:EF22:0000:1234:5678:0001]

One common practical problem with IPv6 is how you write it down. It's new and different.

A full-length IPv6 address using the IPv4 8-bit decimal notation would be up to 63 characters long. Using hex takes it down to 39, and we'll see that it can be shortened further.

CIDR: Classless Inter-Domain Routing.

We need the square brackets to mark the start and end of the address, so that it doesn't get confused with the common port number notation in URLs.


IPv6 Notation Shortcuts

• It’s all about the zeros

• Replace one sequence of one or more 0000 chunks with a double-colon

• Collapse other 0000 chunks to 0

• Strip leading zeros: 0023 -> 23

• 2001:0000:0000:EF22:0000:1234:5678:0001

• 2001::EF22:0:1234:5678:1

Even with those changes, IPv6 addresses are a bit of a mouthful.
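The shortening rules above, written out as a small PHP function and cross-checked against the OS's own inet_ntop(). This is an added example, not code from the slides; the function names are my own, and the run-selection rule (longest run of zero groups, first one on a tie) is the convention inet_ntop follows rather than something the slide spells out.

```php
<?php
// Added example: compress a full-form IPv6 address using the slide's rules.
// Function names are assumptions; the input address is the one from the slide.

/**
 * Compress an IPv6 address written in full (eight 4-hex-digit groups).
 * Rules: strip leading zeros from each group, then replace the longest run
 * of consecutive zero groups (first one wins on a tie) with "::".
 */
function compressIPv6(string $full): string
{
    $groups = explode(':', strtolower(trim($full, '[]')));
    if (count($groups) !== 8) {
        throw new InvalidArgumentException('Expected 8 groups, got ' . count($groups));
    }
    // Strip leading zeros: 0023 -> 23, 0000 -> 0
    $groups = array_map(function (string $g): string {
        $g = ltrim($g, '0');
        return $g === '' ? '0' : $g;
    }, $groups);

    // Find the longest run of "0" groups
    $bestStart = -1; $bestLen = 0;
    $runStart  = -1; $runLen  = 0;
    foreach ($groups as $i => $g) {
        if ($g === '0') {
            if ($runLen === 0) { $runStart = $i; }
            $runLen++;
            if ($runLen > $bestLen) { $bestStart = $runStart; $bestLen = $runLen; }
        } else {
            $runLen = 0;
        }
    }
    if ($bestLen === 0) {
        return implode(':', $groups);           // nothing to collapse
    }
    $left  = implode(':', array_slice($groups, 0, $bestStart));
    $right = implode(':', array_slice($groups, $bestStart + $bestLen));
    return $left . '::' . $right;               // "::" may sit at either end, e.g. "::1"
}

/** Expand any textual IPv6 form back to eight zero-padded groups via the OS. */
function expandIPv6(string $addr): string
{
    $bin = inet_pton(trim($addr, '[]'));
    if ($bin === false || strlen($bin) !== 16) {
        throw new InvalidArgumentException("Not an IPv6 address: $addr");
    }
    return implode(':', str_split(bin2hex($bin), 4));
}

$full  = '2001:0000:0000:EF22:0000:1234:5678:0001';   // the slide's example
$short = compressIPv6($full);                          // 2001::ef22:0:1234:5678:1
$viaOs = inet_ntop(inet_pton($full));                  // what the OS library prints
printf("%s\n%s\n%s\n", $short, $viaOs, expandIPv6($short));
var_dump($short === $viaOs);                           // same address, same text
```

One caveat worth knowing when comparing addresses as strings: inet_ntop will not use "::" for a single zero group (RFC 5952 advises against it), whereas the slide's rule permits it, so for an address with only isolated zero groups the two forms can differ while still denoting the same address. Compare the 16-byte inet_pton() output, not the text, when equality matters.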


Familiar Addresses

• IPv4 Localhost: 127.0.0.1

• IPv6 localhost: [0000:0000:0000:0000:0000:0000:0000:0001]

• Becomes simply: [::1]

• All addresses: [::], just like 0.0.0.0

• Link-local addresses [FE80…]

• Network: [2001::EF22:0:1234:5678:0/96]

Link-local addresses are only valid for 1 hop, so only exist within a single network.


IPv6 in PHP

• PHP and all host OSs have full IPv6 support

• PHP shows support in phpinfo()

• Provide IPv6 addresses in square brackets for network functions

• e.g. fsockopen('tcp://[fe80::1]', 80, …);

• Change validations to allow IPv6: FILTER_VALIDATE_IP with FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE

All this IPv6 goodness is actually pretty simple in PHP - all the underlying systems support it, so you just need to make your app OK with it.


IPv6 in MySQL

• If you’re using strings for storing IPs, stop now!

• UNSIGNED INT for IPv4

• Use MySQL 5.6

• Use VARBINARY(16) for an elegant, unified solution for both IPv4 and IPv6 in the same field

• Convert to / from strings with INET6_ATON and INET6_NTOA

• Similar PHP functions inet_ntop and inet_pton, with one function wrapper needed

MySQL itself has supported IPv6 connections for years, but storing IPv6 addresses in binary fields was only added fairly recently.

There is no integer field type big enough, so you need to use binary, and VARBINARY allows efficient storage of mixed IPv4 and IPv6.


Convert IPv4 or IPv6 from MySQL binary format to a string

http://php.net/inet-ntop

This little snippet is needed to handle MySQL’s binary format, so I added it to the PHP docs page.
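The two previous slides, "IPv6 in PHP" and "IPv6 in MySQL", as one added example: validating an address of either family with filter_var(), and packing it to the same 4- or 16-byte form that MySQL 5.6's INET6_ATON() produces so a single VARBINARY(16) column holds both. This is my code, not the snippet from the PHP docs page; the function names, the `visits` table and the commented-out DSN are assumptions.

```php
<?php
// Added example: IPv4/IPv6 validation in PHP and VARBINARY(16) storage in MySQL.
// Function/table names and the DSN are assumptions for the example.

/** Canonical text form of a public IP (v4 or v6), or null if it is not one. */
function publicIpOrNull(string $ip): ?string
{
    $ip = trim($ip, '[]');                        // accept the bracketed URL form
    $ok = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6       // either family
        | FILTER_FLAG_NO_PRIV_RANGE               // 10/8, 192.168/16, fc00::/7 ...
        | FILTER_FLAG_NO_RES_RANGE);              // 127/8, ::1, fe80::/10 ...
    return $ok === false ? null : inet_ntop(inet_pton($ip)); // normalised text
}

/** Pack to the 4- or 16-byte form MySQL's INET6_ATON() produces. */
function ipToBinary(string $ip): string
{
    $bin = inet_pton(trim($ip, '[]'));
    if ($bin === false) {
        throw new InvalidArgumentException("Not an IP address: $ip");
    }
    return $bin;                                  // 4 bytes for v4, 16 for v6
}

/** Inverse of ipToBinary(): the one wrapper the slide mentions, handling both lengths. */
function binaryToIp(string $bin): string
{
    $len = strlen($bin);
    if ($len !== 4 && $len !== 16) {
        throw new InvalidArgumentException("Expected 4 or 16 bytes, got $len");
    }
    return inet_ntop($bin);
}

// Constructed schema: one column serves both address families.
const VISITS_DDL = 'CREATE TABLE IF NOT EXISTS visits (
    id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    ip VARBINARY(16) NOT NULL,
    INDEX (ip)
)';

function recordVisit(PDO $pdo, string $ip): void
{
    $st = $pdo->prepare('INSERT INTO visits (ip) VALUES (?)');
    $st->bindValue(1, ipToBinary($ip), PDO::PARAM_LOB);   // bind as binary, not text
    $st->execute();
}

/** Match on the MySQL side with INET6_ATON(), decode on the PHP side. */
function findVisits(PDO $pdo, string $ip): array
{
    $st = $pdo->prepare('SELECT id, ip FROM visits WHERE ip = INET6_ATON(?)');
    $st->execute([$ip]);
    $out = [];
    foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $out[] = ['id' => (int) $row['id'], 'ip' => binaryToIp($row['ip'])];
    }
    return $out;
}

// Offline part of the demo: validation and the binary round trip on constructed input.
foreach (['203.0.113.7', '[2001:DB8::EF22:0:1234:5678:1]', '10.1.2.3', 'fe80::1', 'not-an-ip'] as $in) {
    $v = publicIpOrNull($in);
    printf("%-32s -> %s\n", $in, $v ?? 'rejected');
    if ($v !== null) {
        $bin = ipToBinary($v);
        printf("  %d bytes, round trip %s\n", strlen($bin), binaryToIp($bin) === $v ? 'ok' : 'FAILED');
    }
}
// With a live MySQL 5.6+ (DSN and credentials are placeholders):
// $pdo = new PDO('mysql:host=db.example;dbname=app', 'user', 'secret',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $pdo->exec(VISITS_DDL); recordVisit($pdo, '203.0.113.7'); print_r(findVisits($pdo, '203.0.113.7'));
```

Binding the packed address with PDO::PARAM_LOB matters: bound as ordinary text, a 4-byte value such as "\x0a\x01\x02\x03" can be mangled by the connection's character-set handling, and range lookups on a VARBINARY column only work when every row was stored through the same packing.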


Deploying IPv6

• Servers need IPv6 addresses - ISP must support it

• or you can tunnel until they do

• Clients need IPv6 connections too

• Name servers on IPv6

• AAAA records in your DNS

• Reverse DNS for mail servers

• Check other sources - CDNs too

Most decent hosting providers already have IPv6 - Amazon EC2 doesn't support it for servers, but does for ELB load balancers.

You can tunnel IPv6 over IPv4 connections - SixXS and Hurricane Electric's tunnelbroker.net provide it as a service. Realistically you don't want to be messing about with non-native support; use an ISP with a clue.

Lots of domestic broadband does not support it - they are all waiting for the last possible moment… All 4G mobiles support IPv6 by definition, and Apple is requiring IPv6 support for iOS 9 apps.

Name servers need to be on IPv6 too, or your lookups will happen over 4 even if your servers are on 6. It's simpler if you use your ISP's or registrar's name servers, as you don't need glue records.

Don't forget to add them to your SPF record, and create mail server reverse entries.

Your pages may be served over IPv6, but sub-elements may not be - JavaScript, CSS, images etc.


Testing IPv6

• `ip addr`, `ping6`, `dig aaaa`

• IPv6 addresses work in /etc/hosts

• https://www.mythic-beasts.com/ipv6/health-check

• Chrome/Firefox plugins for connection status

Mythic Beasts is a great ISP - some excellent IPv6 advice on their blog.

Chrome extension called "IPvFoo".

SSL / TLS

How many of you are using SSL already? Jumping ahead a little, how many of you are using HSTS?


No excuses not to run SSL any more

• Free certs available (Startcom & letsencrypt.org)

• Not significantly slower

• Required for SPDY…

• but not for HTTP/2

• Google will rank you higher!

• It’s essentially a requirement for iOS 9 apps

letsencrypt.org will be providing free certs from September 2015.

HTTP/2 not needing SSL is really a red herring; still no excuse.

iOS 9 introduces "App Transport Security", which means TLSv1.2, SHA256 and forward-secrecy-only ciphers.


SSL has had a rough year

• Heartbleed - OpenSSL bugs

• POODLE - SSLv3 holes, RC4

• Logjam - weak export ciphers & DH params

• The upside - quality and awareness increased

Heartbleed was a really big deal, exposing random data in both clients and servers. It led to a massive rewrite of OpenSSL by the OpenBSD developers, released as LibreSSL, which will be in OS X 10.11.

We've known that SSLv3 was bad for a long time - POODLE was the last nail in its coffin.

RC4 was often favoured as a solution to a vulnerability known as BEAST, but this only affects older implementations or SSLv3 and TLS1.0.

Be aware that there are other attacks (like CRIME and BREACH), and there will probably be a new one tomorrow.


Get the right certificate

• 2048-bit key

• SHA2 signature

• Extra names with SAN

• Wildcards make admin easier

• Issuing certificates is technically trivial

• …but administratively hard

SHA2 isn't a fixed size, but SHA256 is common.

You can go bigger than 2048-bit keys, but with diminishing returns; 2048 is good for 20 years yet.

You don't need to limit yourself to a single name per certificate. Most CAs will sell you a multi-name (Subject Alternative Name) or wildcard cert which you can use for multiple services. You can usually change or add new names at no extra charge. EV certs can't be wildcards, but can use SAN. SAN requires SNI support in clients if you want to use several names on one IP - SNI support is an HTTP/2 requirement.

Generating certificates is technically trivial - it takes a couple of seconds to create and sign a new cert and can be completely automated - yet it may take days (if a CA is doing its job properly) with a manual process to verify that an applicant is who they say they are. Yet weirdly, most CAs charge for generation, not verification. StartCom is the only CA I've found that prices based on this fact, charging only for validation, not cert generation. Once you have verified who you are, you can have as many certs as you like for no extra cost.


What to look for in a good config

• Redirect to secure site

• Ciphers that offer forward secrecy - DHE, ECDHE

• Use at least 2048-bit DH params for DHE

• At least TLS v 1.0

• SSL session caching

• Staple CA certs for OCSP

• HTTP Strict Transport Security (HSTS)

Forward secrecy means that captured traffic can't be decrypted later even if an attacker gets hold of your private key.

TLS is simply the new name for SSL, a continuation of the same standards. 1.0 should be your minimum target now that SSLv3 is out, higher if your user base can take it.

Diffie-Hellman Ephemeral keys are used in key exchange with forward secrecy, and it's vital that this is done very securely, so use at least 2048 bits. HTTP/2 requires support of at least 4096 bits.

OCSP stapling saves a DNS lookup, TCP round-trips and an SSL handshake by bundling your CA's certificate.

HSTS lets browsers know that everything you serve from your domain, and possibly all subdomains, should be secure. It helps avoid broken URLs, downgrade attacks, cookie hijacking, MITM attacks and security warnings, and reduces redirects.


Testing SSL config

• Click the padlock!

• openssl s_client

• Qualys SSL Labs: https://www.ssllabs.com/ssltest/

• sslyze

• Config generator: https://mozilla.github.io/server-side-tls/ssl-config-generator/

• Prefab configs: https://github.com/ioerror/duraconf

Test on a command line with the openssl client - it lets you do all kinds of useful things: generating keys, verifying signatures, testing connections, generating DH parameters etc.

Fantastic service by Qualys - it examines what settings your server allows and how efficient it is, and also shows which clients can connect to it and how securely. Windows XP & Java 6 compatibility might stop you getting an A+ rating.

sslyze offers similar testing from a command line.

Because there are some very common configs, there are ready-to-roll examples available and a nice config generator from Mozilla for Apache, nginx, HAProxy and ELB.

Bear in mind that if you're only serving a small range of client types, for example iOS 9, you can restrict settings heavily to make it more secure, for example by only allowing TLSv1.2.


HTTPS in PHP

• It’s been supported for years

• Certificates verified by default in PHP 5.6

• Override with ssl stream context properties

• HSTS is great, but…

• You may need to provide secure proxies

• Consider relative-protocol URLs deprecated

PHP 5.6 verifies certificates by default. Python and Ruby shared the same problem for many years. Some were campaigning for years to get this changed, but it was never going to be smooth!

HSTS can break things like WordPress plugins that load their own resources.

Protocol-relative URLs have a somewhat chequered history anyway - it's common to run into certificate mismatches, domains that don't provide SSL on the same hostname (Google did this) etc., and they can't work where there is no page context.
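An added example, my own code rather than anything from the slides, that ties together the last three slides: a client-side check that connects the way PHP 5.6+ does by default (peer verification on), refuses anything below TLS 1.2, and reports the points from "Get the right certificate" and "What to look for in a good config" (key size, signature hash, expiry, forward-secrecy cipher), plus the server-side redirect and HSTS header from "HTTPS in PHP". The function names and the demo host are assumptions; the `crypto` metadata fields need an OpenSSL-backed PHP build.

```php
<?php
// Added example: TLS client inspection and server-side HTTPS enforcement in PHP.
// Function names and the demo host are assumptions.

/** Connect with verification on (the PHP 5.6 default) and report what was negotiated. */
function inspectTls(string $host, int $port = 443, int $timeout = 10): array
{
    $minTls12 = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
        | (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT') ? STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT : 0);
    $ctx = stream_context_create(['ssl' => [
        'verify_peer'       => true,      // PHP 5.6 default; setting false defeats the point
        'verify_peer_name'  => true,
        'peer_name'         => $host,     // name sent via SNI and checked against the cert
        'capture_peer_cert' => true,      // exposes the leaf cert for inspection below
        'crypto_method'     => $minTls12, // refuse SSLv3 / TLS 1.0 / TLS 1.1 outright
    ]]);
    $fp = @stream_socket_client("tls://$host:$port", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("TLS connect to $host failed: [$errno] $errstr");
    }
    $x509 = stream_context_get_options($fp)['ssl']['peer_certificate'];
    $cert = openssl_x509_parse($x509);
    $key  = openssl_pkey_get_details(openssl_pkey_get_public($x509));
    $meta = stream_get_meta_data($fp)['crypto'] ?? [];   // protocol/cipher on OpenSSL builds
    fclose($fp);

    return [
        'subject'   => $cert['subject']['CN'] ?? '',
        'sans'      => $cert['extensions']['subjectAltName'] ?? '',
        'sig_alg'   => $cert['signatureTypeSN'] ?? 'unknown',   // e.g. RSA-SHA256
        'key_bits'  => (int) $key['bits'],
        'days_left' => (int) floor(($cert['validTo_time_t'] - time()) / 86400),
        'protocol'  => $meta['protocol'] ?? 'unknown',          // e.g. TLSv1.2
        'cipher'    => $meta['cipher_name'] ?? 'unknown',
    ];
}

/** Flag anything that misses the certificate / config points from the slides. */
function tlsWarnings(array $info): array
{
    $w = [];
    if ($info['key_bits'] < 2048)                    { $w[] = "key is only {$info['key_bits']} bits"; }
    if (stripos($info['sig_alg'], 'sha1') !== false) { $w[] = 'SHA-1 signature, want SHA-2'; }
    if ($info['days_left'] < 30)                     { $w[] = "certificate expires in {$info['days_left']} days"; }
    // TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) are always ephemeral; for 1.2 look for (EC)DHE
    if ($info['protocol'] !== 'TLSv1.3' && !preg_match('/^(ECDHE|DHE)-/', $info['cipher'])) {
        $w[] = "no forward secrecy ({$info['cipher']})";
    }
    return $w;
}

/** Server side: bounce plain-HTTP requests to HTTPS and set HSTS on secure ones. */
function enforceHttps(string $canonicalHost, bool $trustProxy = false): void
{
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if ($trustProxy) {   // only when a TLS-terminating proxy you control sets this header
        $secure = $secure || ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
    }
    if (!$secure) {
        // Redirect to a fixed host rather than echoing Host:, to avoid an open redirect
        header('Location: https://' . $canonicalHost . ($_SERVER['REQUEST_URI'] ?? '/'), true, 301);
        exit;
    }
    // Start with a short max-age while confirming every (sub)domain serves TLS: once a
    // browser has seen this header it refuses plain HTTP for that long.
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
}

if (PHP_SAPI === 'cli') {   // needs network access: php tls-check.php www.example.org
    $info = inspectTls($argv[1] ?? 'www.example.org');
    print_r($info);
    print_r(tlsWarnings($info));
}
```

Overriding `verify_peer` to false, which the slide lists as possible via stream context properties, should be reserved for a local test against a self-signed certificate; for that case point `cafile` at the self-signed cert instead, which keeps verification on.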

SPDY & HTTP/2

How many of you are using SPDY? How many of you are using HTTP/2?

As Ben Ramsey's talk yesterday gave a thorough grounding on the background of HTTP/2, I'm skipping that.


HTTP Potted History

• HTTP/0.9 - 1991

• HTTP/1.0 - 1996, RFC1945

• HTTP/1.1 - 1997, RFC2068, RFC732x

• SPDY - 2009

• HTTP/2 - 2015, RFC7540

• http://http2.github.io/http2-spec

0.9 only had GET!

1.0 added https, HEAD and POST, and basic auth.

1.1 added proxies, caching and lots of new verbs. Later RFCs nailed things down a little harder, but the version remained unchanged.

Google announced SPDY in 2009 as a means of addressing some of the shortcomings of HTTP, making use of their unique position as both site and browser maker, something that they have continued to do. SPDY became a public testbed for what was to eventually evolve into HTTP/2 - so HTTP/2 isn't really all new.


What’s in SPDY?

• It’s a tunnel for HTTP and HTTPS requests

• It’s a binary protocol

• Streamlines, combines, simplifies and compresses HTTP requests and responses

• Reduces latency & overhead

• No app changes necessary

No more telnet into your web server :(


What’s in HTTP/2?

• Compatibility with HTTP/1.1

• HPACK header compression

• Multiple prioritised streams within a single connection - reduced TCP & SSL overhead

• Server can decide how to bundle resources dynamically

• Real server push

Google's intention was that SPDY would form the basis of HTTP/2, so the differences are evolutionary. It's also a binary protocol, but curl and wget already speak HTTP/2.

Header compression helps reduce the impact of ever-expanding headers, cookies etc. HPACK rather than gzip, to mitigate CRIME attacks.

Multiple streams within a single TCP connection reduce setup time and latency - especially with SSL. HTTP/1.1 had pipelining, but it was strictly first-in/first-out and was thus subject to head-of-line blocking. Prioritisation means it could interrupt a large image download to sneak past an important ajax response.

Potential for pre-emptive push of related assets - when you request the page, you get all the CSS and JS with it, perhaps images too. This could be done adaptively without pre-configuration, by watching what clients do - but we're not there yet.

Server push is not just an illusion this time! TCP sockets are expected to stay open for long periods.


HTTP/2 Client Support

• SPDY is everywhere

• HTTP/2 is getting there

• Even IE!

• Safari on OS X and iOS will get HTTP/2 in next versions

• curl & libcurl

• No explicit support in PHP

Both SPDY and HTTP/2 have seen rapid uptake by web client developers - supported in all major browsers.

SPDY requires TLS, but HTTP/2 does not; however, nearly all the client implementations (that grew from SPDY) require it, so it's a de-facto standard.

HTTP/2 will be in Safari 8.1 on OS X 10.11 and iOS 9, but it's already in Chrome for iOS.

Not a big deal for PHP, as it will inherit client access through libcurl, and PHP rarely runs as a server.


HTTP/2 Server Support

• Not in Apache or Nginx yet, but SPDY is

• Is in IIS & LiteSpeed

• H2O and nghttp2 can proxy

• Use SPDY for now

• Expect everything important by year end

Apache and nginx have excellent SPDY support, but no HTTP/2.

The nghttp2 library is being used to add HTTP/2 support to various things, including an experimental Apache module called mod_h2. HTTP/2 will be in nginx by year-end.

H2O is a simple but very fast HTTP/2 server that you can use as a reverse proxy - no FastCGI support yet.

SPDY is a nice easy upgrade if you're not using it already, but it won't be around for long - Google has said it will be removed from Chrome next year.


What to change for HTTP/2?

• Nothing!

• New anti-patterns

• Domain sharding

• Pre-combining CSS, JS assets, image sprites

• Not using TLS

• It’s going to get a lot better

Just like SPDY, you can treat it as mostly plug & play. But there are current common practices that actively work against HTTP/2's abilities.

Though HTTP/2 doesn't strictly require TLS, the overhead it adds is "paid for" by the ALPN TLS extension, which acts as a way of moving an HTTP/1.1 connection to HTTP/2 without using the HTTP/2 upgrade mechanism. Also, all client implementations require TLS, so it's academic.

It will get much better as new web server features evolve to take advantage of HTTP/2's abilities.


Testing SPDY & HTTP/2

• curl, wget, wireshark

• Browser extensions to show connection type

• Look at Google, twitter

• Chrome net internals:

• chrome://net-internals/#http2

• Benchmark it! It’s supposed to be faster!

Chrome extension called “HTTP/2 and SPDY indicator”
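Since the slides say PHP gets HTTP/2 client access through libcurl, here is an added example (my own, not from the talk) of asking libcurl for HTTP/2 over TLS and reporting what was actually negotiated, which is the PHP-side equivalent of the curl test listed above. It needs a curl extension built against a libcurl with nghttp2 support, which is what defines the `CURL_HTTP_VERSION_2_0` constant; the URL is an assumption.

```php
<?php
// Added example: probe a server for HTTP/2 via PHP's curl extension.
// Requires libcurl with nghttp2; the URL is an assumption.

function probeHttp2(string $url): array
{
    if (!defined('CURL_HTTP_VERSION_2_0')) {
        throw new RuntimeException('This libcurl build has no HTTP/2 support');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_2_0, // offer h2 via ALPN, fall back to 1.1
        CURLOPT_NOBODY         => true,                  // HEAD is enough to see the status line
        CURLOPT_HEADER         => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,                  // keep verification on, as for any TLS client
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $raw = curl_exec($ch);
    if ($raw === false) {
        $err = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("curl failed: $err");
    }
    // libcurl writes the negotiated version into the status line it hands back,
    // so "HTTP/2 200" versus "HTTP/1.1 200" already tells the story.
    $statusLine = strtok($raw, "\r\n");
    $version = 'see status line';
    if (defined('CURLINFO_HTTP_VERSION')) {              // PHP 7.3+ exposes it directly
        $v = curl_getinfo($ch, CURLINFO_HTTP_VERSION);
        $version = $v === CURL_HTTP_VERSION_2_0 ? 'HTTP/2' : 'HTTP/1.x';
    }
    curl_close($ch);
    return ['status_line' => $statusLine, 'version' => $version];
}

if (PHP_SAPI === 'cli') {   // needs network access: php h2-probe.php https://www.example.org/
    print_r(probeHttp2($argv[1] ?? 'https://www.example.org/'));
}
```

Run it against an https:// URL: as the slides note, the clients that grew out of SPDY only negotiate HTTP/2 inside TLS, so a plain http:// URL will at best get the HTTP/1.1 Upgrade path, and most servers will simply answer 1.1.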


The future

• Fix shortcomings of TCP

• QUIC

• Packetzoom

• DNSSec

• BlockChain

• PHP7!

TCP can be horribly inefficient, especially on busy, unreliable networks - like mobiles. Much of HTTP/2 is there to reduce the impact of this overhead. Latency is the defining factor in network performance.

QUIC is Google's low-overhead reimagining of TCP built on UDP, so it works with all current stacks; it's already in Chrome and used on Google sites.

Packetzoom is doing the same thing, but using a whole new IP protocol tuned for mobile.

DNS has a whole raft of security problems that are largely addressed by DNSSec, but it's complex and slow to gain traction. IPv6 increases the value of DNS servers to attackers. Witness BT internet redirecting Google searches to an insecure site!

Bitcoin's BlockChain just seems to be popping up everywhere; it's bound to get used for something significant soon!

Most of these are independent of PHP, as they're handled by lower-level servers. But we're all looking forward to PHP7!

Questions

Thank you!

• Marcus Bointon • [email protected] • @SynchroM • Synchro on GitHub & StackExchange

Links:

• IPv6: https://en.wikipedia.org/wiki/IPv6
• Intro to IPv6: http://chrisgrundemann.com/index.php/category/ipv6/introducing-ipv6/
• Cisco IPv6 docs: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/rtg_brdg/guide/rtbrgdgd/ipv6.html
• Useful IPv6 articles: http://ipv6.com/articles/general/
• Nice IPv6 docs: http://www.tcpipguide.com/free/t_InternetProtocolVersion6IPv6IPNextGenerationIPng.htm
• DNSSec: http://www.internetsociety.org/deploy360/dnssec/basics/
• What are Diffie-Hellman params for? http://security.stackexchange.com/questions/38206
• HTTP/2 info: https://http2.github.io
• HTTP/2 overview: http://chimera.labs.oreilly.com/books/1230000000545/ch12.html
• iOS 9 App Transport Security policy: https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html#//apple_ref/doc/uid/TP40016240-CH1-SW3