TLS man in the middle

Alexander Klimov alserkli at
Mon Nov 9 03:00:45 EST 2009

On Sat, 7 Nov 2009, Sandy Harris wrote:
> I'm in China and use SSL/TLS for quite a few things. Proxy connections,
> Gmail set to "always use https" and so on. This is the main defense for
> me and many others against the Great Firewall.
> Should I be worrying about man-in-the-middle attacks from the Great
> Firewall servers?

The attack does not directly allow one to see any plaintext; it only
prepends your data with the attacker's plaintext.

IMO, if the Great Firewall administrator wanted to intercept TLS
traffic they would do the usual TLS MitM attack with replacement of
certificates (as done by some corporate firewalls). Using the
renegotiation attack for purposes allowed by law seems too
roundabout.
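To make the "prepends your data with the attacker's plaintext" point concrete, here is an added example (Python, written for this page, not code from the thread or its authors) modelling what a web server sees when a MitM uses a renegotiation gap to splice a chosen prefix in front of the victim's first HTTPS request. It contains no TLS at all: it concatenates byte strings and parses the result with a minimal HTTP/1.1 request parser, which is enough to show the consequence. The host name, paths and cookie value are made up for the illustration.

```python
"""Server-side view of a TLS renegotiation prefix injection (added example).

The attacker cannot read the victim's plaintext; what the attack gives
them is the ability to put their own plaintext in front of it, so that
the server parses attacker bytes + victim bytes as one stream.  The
hostname, paths and cookie below are constructed for this example.
"""

# Attacker-chosen prefix.  The last header line deliberately has no
# terminating CRLF, so the victim's own request line gets swallowed
# into the value of a header the server ignores.
ATTACKER_PREFIX = (
    b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"X-Ignore: "
)

# The victim's genuine request, including the session cookie the
# attacker never gets to see.
VICTIM_REQUEST = (
    b"GET /account/balance HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)


def parse_first_request(stream: bytes) -> dict:
    """Parse the first HTTP/1.1 request (start line + headers) in a byte stream.

    Raises ValueError if the stream does not yet contain a complete
    header block, which is how a real server would wait for more data.
    """
    head, sep, _body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return {
        "method": method.decode(),
        "target": target.decode(),
        "version": version.decode(),
        "headers": headers,
    }


def server_view(prefix: bytes, victim: bytes) -> dict:
    """What a server sees when data before and after the renegotiation
    is treated as one continuous application-layer stream."""
    return parse_first_request(prefix + victim)


def isolated_segments(prefix: bytes, victim: bytes) -> list:
    """Illustrative contrast: if the server refuses to carry buffered
    application data across the renegotiation boundary, each segment is
    parsed on its own.  The attacker's prefix alone is incomplete and
    never executes; the victim's request stands unmodified."""
    out = []
    for segment in (prefix, victim):
        try:
            out.append(parse_first_request(segment))
        except ValueError:
            out.append(None)
    return out


if __name__ == "__main__":
    spliced = server_view(ATTACKER_PREFIX, VICTIM_REQUEST)
    print("server executes:", spliced["method"], spliced["target"])
    print("with cookie   :", spliced["headers"]["cookie"])
    print("victim's line became:", spliced["headers"]["x-ignore"])
    print("isolated segments:", isolated_segments(ATTACKER_PREFIX, VICTIM_REQUEST))
```

Run as-is, the spliced stream makes the server execute the attacker's transfer request with the victim's cookie attached, while the victim's real request line survives only as the value of the ignored header. The attacker still never learns the cookie, which matches the post's point that no plaintext is disclosed; the damage comes from the server binding the victim's credentials to attacker-chosen bytes. The real fix is at the TLS layer (RFC 5746 cryptographically binds renegotiations to the previous handshake); `isolated_segments` only shows why joining the two contexts into one stream is what the attack depends on.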


