ApacheCon 2016 has ended
Thursday, May 12 • 4:40pm - 5:30pm
Proxying Sensitive TLS Operations in Open Source - Susan Hinrichs & Dave Thompson, Yahoo

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The private key is the linchpin to web server authentication. If an attacker gains the private key to yahoo.com, he can set up another server that will authenticate without error as yahoo.com. In a content delivery network, the private key must be distributed to all Edge devices, creating a bigger attack surface. In this presentation, Susan and Dave describe how they augmented Apache Traffic Server using openssl engines to work with a CryptoProxy server hosted in a more secure location. They analyze the costs and benefits and show that not only does a CryptoProxy solution increase security but it also improves performance in many cases. While their solution uses Apache Traffic Server similar techniques could be used for other network servers.

avatar for Susan Hinrichs

Susan Hinrichs

Technical Yahoo, Yahoo
Susan Hinrichs is a member of Yahoo’s Edge team. Susan is a committer and PMC member on Apache Traffic Server where she has implemented TLS extensions and state machine fixes. She earned a PhD in CS from Carnegie Mellon and worked on security policy at Cisco Systems. Susan spent... Read More →

Thursday May 12, 2016 4:40pm - 5:30pm PDT
Plaza B