How can you use HSTS and HPKP to enforce HTTPS and prevent TLS downgrade attacks?

1 What is a TLS downgrade attack?

A TLS downgrade attack is a type of man-in-the-middle attack, where an attacker intercepts the communication between a client and a server, and modifies the messages to make them use a weaker version of the TLS protocol, or even no encryption at all. For example, if your site supports both TLS 1.3 and TLS 1.2, an attacker could force the client to use TLS 1.2, which has some known vulnerabilities. Or, if your site supports both HTTPS and HTTP, an attacker could redirect the client to use HTTP, which is completely unencrypted and exposes the data to anyone on the network.

2 How does HSTS prevent TLS downgrade attacks?

HSTS, which stands for HTTP Strict Transport Security, is a mechanism that tells the browser to always connect to your site using HTTPS, and never use HTTP. To do this, it sends a special header from your server to the browser with information about how long the browser should remember that your site is HTTPS-only, if the same policy should apply to all subdomains of your site, and if the browser should include your site in a preloaded list of HSTS-enabled sites. By using HSTS, you can prevent the browser from ever sending an HTTP request to your site which could be intercepted and downgraded by an attacker. It also protects against SSL stripping attacks where an attacker removes HTTPS from the links on your site.

3 How does HPKP prevent TLS downgrade attacks?

HPKP, or HTTP Public Key Pinning, is a mechanism that informs the browser to only accept certain public keys from your server and reject any others. This is done by sending a special header from your server to the browser, which includes the hash of one or more public keys used for HTTPS, how long the browser should remember these public keys, the hash of one or more backup public keys in case you need to change your server's key, and an optional report URI where the browser can send a report if it encounters a key mismatch. Utilizing HPKP helps protect against attackers using fake certificates to impersonate your server and downgrade the TLS connection, as well as certificate authority compromise where an attacker obtains a valid certificate for your site from a compromised or malicious CA.

4 How to implement HSTS and HPKP on your server

To implement HSTS and HPKP on your server, you need to configure your web server to send the appropriate headers to the browser. The steps may vary based on the web server software, but generally, you should make sure your site is fully HTTPS-enabled and redirect all HTTP requests to HTTPS. Generate a strong and unique private key and certificate for your server, and store them securely. It's also a good idea to generate one or more backup keys and certificates, which you can store offline. Use a tool like OpenSSL to calculate the hash of your public keys, then add the HSTS and HPKP headers to your server's response with the parameters that suit your needs. Test your implementation using tools like SSL Labs or Security Headers, then monitor your server's logs for any errors or warnings.

5 What are the risks and limitations of HSTS and HPKP?

HSTS and HPKP are powerful techniques to enhance your site's security, but there are some risks and limitations that you should be aware of. For example, not all browsers support HSTS and HPKP, and they may have bugs or inconsistencies in their implementation. Additionally, they are not effective against the first visit to your site or if the browser's cache is cleared. The preload option can mitigate this by including your site in a list of HSTS-enabled sites that browsers load by default, however, this requires submitting your site to a third-party service with their criteria and policies. Lastly, you should plan ahead for key rotation if you need to change your server's key or certificate, as failing to do so can lock out visitors from accessing your site or trigger security warnings and reports.

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?