TL;DR

  • SSL์€ ํ†ต์‹  ์•”ํ˜ธํ™” ํ”„๋กœํ† ์ฝœ์ด์ง€๋งŒ ๋ณด์•ˆ ์ทจ์•ฝ์ ์œผ๋กœ ํ๊ธฐ๋œ ์ƒํƒœ
  • TLS๋Š” SSL์˜ ํ›„์† ํ‘œ์ค€์œผ๋กœ, ํ”ํžˆ โ€œSSLโ€์ด๋ผ ๋ถˆ๋Ÿฌ๋„ ์‹ค์ œ๋กœ๋Š” TLS๊ฐ€ ๋™์ž‘
  • TLS 1.3์€ handshake ๊ฐ„์†Œํ™”์™€ ์ทจ์•ฝ ์•”ํ˜ธ ์Šค์œ„ํŠธ ์ œ๊ฑฐ๋กœ ์„ฑ๋Šฅ๊ณผ ๋ณด์•ˆ ๊ฐœ์„ 

1. SSL์ด๋ž€

SSL(Secure Sockets Layer)์€ ์ธํ„ฐ๋„ท ํ†ต์‹ ์„ ์•”ํ˜ธํ™”ํ•˜์—ฌ ๋ฐ์ดํ„ฐ ๋ณด์•ˆ์„ ์ œ๊ณตํ•˜๋Š” ํ”„๋กœํ† ์ฝœ์ด๋‹ค. Netscape๊ฐ€ 1995๋…„์— ์„ค๊ณ„ํ–ˆ๋‹ค.

  • ๋ฐ์ดํ„ฐ ์•”ํ˜ธํ™”๋กœ ํ†ต์‹  ๋ณด์•ˆ ์œ ์ง€
  • ์„œ๋ฒ„์™€ ํด๋ผ์ด์–ธํŠธ ๊ฐ„ ์‹ ์› ์ธ์ฆ
  • ๋ฐ์ดํ„ฐ ๋ฌด๊ฒฐ์„ฑ ๋ณด์žฅ (๋ณ€์กฐ ๋ฐฉ์ง€)
SSL ์ž‘๋™ ๋ฐฉ์‹
  1. ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์„œ๋ฒ„์— ์—ฐ๊ฒฐ ์š”์ฒญ
  2. ์„œ๋ฒ„๊ฐ€ ์ธ์ฆ์„œ๋ฅผ ํด๋ผ์ด์–ธํŠธ์— ์ „๋‹ฌ
  3. ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์ธ์ฆ์„œ ์‹ ๋ขฐ ์—ฌ๋ถ€ ํ™•์ธ
  4. ์–‘์ธก์ด ์•”ํ˜ธํ™” ๋ฐฉ์‹ ํ˜‘์ƒ ํ›„ ์„ธ์…˜ ํ‚ค ์ƒ์„ฑ
  5. ์„ธ์…˜ ํ‚ค๋ฅผ ์‚ฌ์šฉํ•ด ์•”ํ˜ธํ™”๋œ ํ†ต์‹  ์‹œ์ž‘

์„ธ์…˜ ํ‚ค

์„ธ์…˜ ํ‚ค๋Š” 17. ์•ˆ์ „์„ฑ์„ ์œ„ํ•œ ๊ธฐ์ˆ  > ์•”ํ˜ธ์™€ ์ธ์ฆ์„œ์—์„œ ๋‹ค๋ฃฌ ํ•˜์ด๋ธŒ๋ฆฌ๋“œ ๋ฐฉ์‹์œผ๋กœ ์ƒ์„ฑ๋œ๋‹ค. ๋น„๋Œ€์นญ ํ‚ค๋กœ ๋Œ€์นญ ํ‚ค(์„ธ์…˜ ํ‚ค)๋ฅผ ์•ˆ์ „ํ•˜๊ฒŒ ๊ตํ™˜ํ•œ ๋’ค, ์‹ค์ œ ๋ฐ์ดํ„ฐ ์ „์†ก์€ ๋น ๋ฅธ ๋Œ€์นญ ํ‚ค ์•”ํ˜ธํ™”๋กœ ์ฒ˜๋ฆฌํ•œ๋‹ค.


2. SSL์˜ ํ๊ธฐ

SSL์€ ํ˜„์žฌ ์‚ฌ์šฉํ•ด์„œ๋Š” ์•ˆ ๋˜๋Š” ํ”„๋กœํ† ์ฝœ์ด๋‹ค.

๋ฒ„์ „์—ฐ๋„์ƒํƒœ
SSL 1.01994๊ณต๊ฐœ ์ „ ํ๊ธฐ (์‹ฌ๊ฐํ•œ ๊ฒฐํ•จ)
SSL 2.019952011๋…„ ํ๊ธฐ (RFC 6176)
SSL 3.019962015๋…„ ํ๊ธฐ (RFC 7568)

SSL 3.0์€ POODLE ๊ณต๊ฒฉ(2014๋…„ ๋ฐœ๊ฒฌ)์œผ๋กœ ์ธํ•ด ํ๊ธฐ๋˜์—ˆ๋‹ค. POODLE์€ SSL 3.0์˜ CBC ๋ชจ๋“œ ํŒจ๋”ฉ ์ฒ˜๋ฆฌ ๋ฐฉ์‹์„ ์•…์šฉํ•ด ์•”ํ˜ธํ™”๋œ ๋ฐ์ดํ„ฐ๋ฅผ ํ•œ ๋ฐ”์ดํŠธ์”ฉ ๋ณตํ˜ธํ™”ํ•  ์ˆ˜ ์žˆ๋Š” ์ทจ์•ฝ์ ์ด๋‹ค.


3. TLS๋ž€

TLS(Transport Layer Security)๋Š” SSL 3.0์„ ๊ธฐ๋ฐ˜์œผ๋กœ IETF๊ฐ€ ํ‘œ์ค€ํ™”ํ•œ ํ›„์† ํ”„๋กœํ† ์ฝœ์ด๋‹ค.

๋ฒ„์ „์—ฐ๋„์ƒํƒœ
TLS 1.019992021๋…„ ํ๊ธฐ (RFC 8996)
TLS 1.120062021๋…„ ํ๊ธฐ (RFC 8996)
TLS 1.22008ํ˜„์žฌ ์‚ฌ์šฉ ๊ฐ€๋Šฅ
TLS 1.32018ํ˜„์žฌ ๊ถŒ์žฅ ํ‘œ์ค€

"SSL"์ด๋ผ ๋ถ€๋ฅด์ง€๋งŒ ์‹ค์ œ๋กœ๋Š” TLS

๋ธŒ๋ผ์šฐ์ € ์ฃผ์†Œ์ฐฝ์˜ ์ž๋ฌผ์‡  ์•„์ด์ฝ˜, โ€œSSL ์ธ์ฆ์„œโ€, Letโ€™s Encrypt ๋“ฑ์—์„œ ๋งํ•˜๋Š” SSL์€ ์‚ฌ์‹ค์ƒ TLS๋ฅผ ์˜๋ฏธํ•œ๋‹ค. ์—ญ์‚ฌ์  ์ด์œ ๋กœ SSL์ด๋ผ๋Š” ์ด๋ฆ„์ด ๊ด€์šฉ์ ์œผ๋กœ ๋‚จ์•„ ์žˆ์„ ๋ฟ์ด๋‹ค.


4. TLS 1.2 vs TLS 1.3

TLS 1.3์€ 2018๋…„์— ๋ฐœํ‘œ๋œ ์ตœ์‹  ํ‘œ์ค€์œผ๋กœ, 1.2 ๋Œ€๋น„ ๋ณด์•ˆ๊ณผ ์„ฑ๋Šฅ์ด ๋ชจ๋‘ ๊ฐœ์„ ๋˜์—ˆ๋‹ค.

Handshake ๊ฐ„์†Œํ™”
  • TLS 1.2 : 2-RTT (์™•๋ณต 2ํšŒ) โ€” ClientHello โ†’ ServerHello โ†’ ํ‚ค ๊ตํ™˜ โ†’ Finished
  • TLS 1.3 : 1-RTT (์™•๋ณต 1ํšŒ) โ€” ClientHello์— ํ‚ค ๊ณต์œ  ์ •๋ณด๋ฅผ ํฌํ•จํ•ด์„œ ๋ณด๋ƒ„
# TLS 1.2 (2-RTT)
Client โ†’ Server : ClientHello
Client โ† Server : ServerHello, Certificate, KeyExchange
Client โ†’ Server : KeyExchange, Finished
Client โ† Server : Finished

# TLS 1.3 (1-RTT)
Client โ†’ Server : ClientHello + KeyShare
Client โ† Server : ServerHello + KeyShare, Certificate, Finished
Client โ†’ Server : Finished

์—ฐ๊ฒฐ ์„ค์ •์ด ๋นจ๋ผ์ง€๋ฏ€๋กœ ์ฒด๊ฐ ์†๋„๊ฐ€ ํ–ฅ์ƒ๋œ๋‹ค.

0-RTT (Zero Round Trip Time)

TLS 1.3์—์„œ๋Š” ์ด์ „์— ์—ฐ๊ฒฐํ•œ ์  ์žˆ๋Š” ์„œ๋ฒ„์— ๋Œ€ํ•ด ์ฒซ ๋ฉ”์‹œ์ง€์— ๋ฐ์ดํ„ฐ๋ฅผ ํ•จ๊ป˜ ๋ณด๋‚ผ ์ˆ˜ ์žˆ๋‹ค (0-RTT Resumption). ๋‹ค๋งŒ ์žฌ์ „์†ก ๊ณต๊ฒฉ(replay attack)์— ์ทจ์•ฝํ•  ์ˆ˜ ์žˆ์–ด์„œ ๋ฉฑ๋“ฑํ•˜์ง€ ์•Š์€ ์š”์ฒญ์—๋Š” ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ๊ฒƒ์ด ์ข‹๋‹ค.

์ทจ์•ฝํ•œ ์•Œ๊ณ ๋ฆฌ์ฆ˜ ์ œ๊ฑฐ

TLS 1.3์—์„œ๋Š” ์•„๋ž˜ ํ•ญ๋ชฉ์ด ์™„์ „ํžˆ ์ œ๊ฑฐ๋˜์—ˆ๋‹ค.

  • RSA ํ‚ค ๊ตํ™˜ (์ „๋ฐฉ ๋น„๋ฐ€์„ฑ ๋ฏธ์ง€์›)
  • CBC ๋ชจ๋“œ ์•”ํ˜ธ ์Šค์œ„ํŠธ
  • RC4, DES, 3DES
  • SHA-1 ๊ธฐ๋ฐ˜ ์„œ๋ช…
  • ์ •์  Diffie-Hellman

์ „๋ฐฉ ๋น„๋ฐ€์„ฑ (Forward Secrecy)

์„œ๋ฒ„์˜ ๊ฐœ์ธ ํ‚ค๊ฐ€ ์œ ์ถœ๋˜๋”๋ผ๋„ ๊ณผ๊ฑฐ์— ์•”ํ˜ธํ™”๋œ ํ†ต์‹  ๋‚ด์šฉ์€ ๋ณตํ˜ธํ™”ํ•  ์ˆ˜ ์—†๋Š” ์„ฑ์งˆ์ด๋‹ค. TLS 1.3์€ ๋ชจ๋“  ํ‚ค ๊ตํ™˜์— ์ž„์‹œ Diffie-Hellman(DHE/ECDHE)์„ ์‚ฌ์šฉํ•˜์—ฌ ์ „๋ฐฉ ๋น„๋ฐ€์„ฑ์„ ๊ฐ•์ œํ•œ๋‹ค. TLS 1.2์—์„œ๋Š” RSA ํ‚ค ๊ตํ™˜์„ ์“ฐ๋ฉด ์ „๋ฐฉ ๋น„๋ฐ€์„ฑ์ด ๋ณด์žฅ๋˜์ง€ ์•Š์•˜๋‹ค.

TLS 1.2 vs 1.3 ๋น„๊ต ํ‘œ
ํ•ญ๋ชฉTLS 1.2TLS 1.3
Handshake2-RTT1-RTT (0-RTT ์ง€์›)
ํ‚ค ๊ตํ™˜RSA, DHE, ECDHEECDHE, DHE๋งŒ ํ—ˆ์šฉ
์ „๋ฐฉ ๋น„๋ฐ€์„ฑ์„ ํƒ (RSA ์‚ฌ์šฉ ์‹œ ๋ฏธ์ง€์›)๊ฐ•์ œ
์•”ํ˜ธ ์Šค์œ„ํŠธ๋‹ค์ˆ˜ (์ผ๋ถ€ ์ทจ์•ฝ)5๊ฐœ๋กœ ์ถ•์†Œ (์•ˆ์ „ํ•œ ๊ฒƒ๋งŒ)
์•”ํ˜ธํ™” ๋ชจ๋“œCBC, GCM ๋“ฑAEAD๋งŒ ํ—ˆ์šฉ (GCM, ChaCha20)

5. SSL/TLS ์ธ์ฆ์„œ

์ธ์ฆ์„œ ์ข…๋ฅ˜
์ข…๋ฅ˜๊ฒ€์ฆ ๋Œ€์ƒ์šฉ๋„
DV (Domain Validation)๋„๋ฉ”์ธ ์†Œ์œ ๊ถŒ๊ฐœ์ธ ๋ธ”๋กœ๊ทธ, ์†Œ๊ทœ๋ชจ ์‚ฌ์ดํŠธ
OV (Organization Validation)๊ธฐ์—… ์‹ ์›๊ธฐ์—… ์›น์‚ฌ์ดํŠธ
EV (Extended Validation)๊ธฐ์—…์˜ ๋ฒ•์  ์กด์žฌ์™€ ์‹ ๋ขฐ์„ฑ๊ธˆ์œต, ์ „์ž์ƒ๊ฑฐ๋ž˜
์ธ์ฆ์„œ ๋ฐœ๊ธ‰ ๋ฐฉ์‹
  • ์œ ๋ฃŒ CA : DigiCert, GlobalSign ๋“ฑ์—์„œ ๋ฐœ๊ธ‰
  • ๋ฌด๋ฃŒ CA : Letโ€™s Encrypt๊ฐ€ ๋Œ€ํ‘œ์ . DV ์ธ์ฆ์„œ๋ฅผ ์ž๋™์œผ๋กœ ๋ฐœ๊ธ‰ํ•˜๊ณ  ๊ฐฑ์‹ ํ•œ๋‹ค
# Let's Encrypt + certbot ์˜ˆ์‹œ
sudo certbot --nginx -d example.com
์ธ์ฆ์„œ ํ™•์ธ
# ์„œ๋ฒ„์˜ ์ธ์ฆ์„œ ์ •๋ณด ํ™•์ธ
openssl s_client -connect example.com:443 -servername example.com < /dev/null 2>/dev/null | openssl x509 -noout -subject -dates -issuer
 
# TLS ๋ฒ„์ „ ํ™•์ธ
openssl s_client -connect example.com:443 -tls1_3

6. ์ฃผ์š” ์‚ฌ์šฉ์ฒ˜

  • ์›น์‚ฌ์ดํŠธ HTTPS ํ†ต์‹  (HTTPS handshake ์ฐธ๊ณ )
  • ์ด๋ฉ”์ผ ์•”ํ˜ธํ™” (SMTP, IMAP)
  • ๋ฐ์ดํ„ฐ ์ „์†ก ๋ฐ API ํ†ต์‹  ๋ณด์•ˆ
  • VPN ์—ฐ๊ฒฐ (OpenVPN ๋“ฑ)
  • ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ์—ฐ๊ฒฐ ์•”ํ˜ธํ™” (PostgreSQL, MySQL ๋“ฑ)