Lawrence_elixir

Lawrence_elixir

14) ElixirConf EU 2019 - Learn you some 'ssl' for much security! - Bram Verburg

@voltone - Security advocate, BEAM enthusiast

Learn you some ‘ssl’ for much security!

Talk in three words: TLS, security, troubleshooting

Abstract
Erlang/OTP’s built-in ‘ssl’ application forms the basis of many client and server packages. Unfortunately it has quite a few quirks, potentially leading to weak security. This talk highlights the most important client and server settings for ‘ssl’ sockets, how the defaults have evolved across OTP versions, and how popular libraries build on them. Topics include cipher suite selection, server hostname verification, known certificate issues (wildcard SAN, cross-signed CA), revocation checks, ECDSA servers, and more.

Objectives
Learn to apply secure TLS configurations to clients and servers, either directly with the OTP ‘ssl’ application or through the many libraries that rely on it: Ranch, Cowboy, Plug, Phoenix, httpc, Hackney, HTTPoison, etc.

Audience
Anyone building applications that include TLS client or server functionality, directly or through packages, which means just about anyone developing on the BEAM. The speaker Bram is an architect and security advocate with more than 20 years experience delivering complex software platforms to tier-1 telcos around the world, meeting their stringent security and reliability requirements. He has been using Erlang, and later Elixir, since 2010. As a security advocate, he has taken an interest in the security aspects of the Erlang/OTP ecosystem. This focus he has also continued as a blogger, trainer, speaker, and open source contributor. His latest project is the X509 package, available on Hex.

All will be added to the ElixirConf EU 2019 Talks List or via the #elixirConfEU2019 tag.

Most Liked

voltone

voltone

Agreed. And I’d love to get the OTP team to adopt verify: :verify_peer as the default for TLS client connections. That way, if the user did not pass in a CA trust store, connections fail with {:error, {:options, {:cacertfile, []}}}. At that point the user is forced to decide: bring in a trust store, or explicitly opt out of verification by passing verify: :verify_none.

Still, I also think application developers have a responsibility to test the end-product, the same way you would include tests to verify user authentication, even if it is mostly handled by a 3rd party package. We all need to talk about this, improve the defaults, improve the documentation, and improve the testing. It all starts with awareness, which was the main goal of the talk.

Where Next?

Popular in Talks Top

axelson
ElixirConf 2017 - Embedded Elixir for Monitoring the Built Environment - Christopher Coté At CRT Labs (Natio...
New
axelson
ElixirConf 2017 - The Power of Zero - Andrew Forward Automation is hard, but the benefits can be phenomenal....
New
axelson
Almost done with posting the Elixir Conf talks! ElixirConf 2017 - Realtime Vehicle Tracking with Elixir and Phoenix - @st23am ...
New
axelson
ElixirConf US 2018 – Making a GraphQL Server with Absinthe & Dataloader – Aaron Votre (@shamshirz) The ...
New
axelson
ElixirConf 2017 - Building an Open Source, Real Time Forum with Phoenix and Elm - @knewter There’s a lot of ...
New
AstonJ
File uploads are an essential part of many web applications, but often handling them can be tricky, which explains why they are one of th...
New
axelson
ElixirConf US 2018 – We’re Just Getting Started - Our Three Years with Elixir – Maciej Kaszubowski (@mkaszubowski) ...
New
Lawrence_elixir
Tonci Galic - Building a GameBoy emulator with Elixir and Scenic - ElixirConfEU 2019 Tonći Galić - Automating my role, mak...
New
Lawrence_elixir
ElixirConf EU 2019 talk videos ElixirConf EU 2020 - Early bird tickets on sale now! Website: http://www.elixirconf.eu Twitter: www.t...
New
axelson
by @jon At PagerDuty, we run our systems across many geographic regions to ensure we’re always available, even when you might not be. E...
New

Other popular topics Top

Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
joeerl
Hello again - after a longish gap I’ve decided I really must dig into Elixir and see what’s been happening here - so I have a few questio...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36352 110
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement