[Cryptography] TLS proxies popped

[Henry Baker]

http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf

http://www.theregister.co.uk/2016/05/05/tls_proxies_are_insecure/

TLS proxies: insecure by design say boffins

5 May 2016 at 07:15, Richard Chirgwin

Have you ever suspected filters that decrypt traffic of being insecure?  Canadian boffins agree with you, saying TLS proxies – commonly deployed in both business and home networks for traffic inspection – open up cans of worms.

In their tests, "not a single TLS proxy implementation is secure with respect to all of our tests, sometimes leading to trivial server impersonation under an active man-in-the-middle attack, as soon as the product is installed on a system," write Xavier de Carné de Carnavalet and Mohammad Mannan of the Concordia Institute of Systems Engineering in Montrea.

The trio's paper (PDF) goes on to say that users could be exposed to man-in-the-middle attacks or other CA-based impersonations.

We found that four products are vulnerable to full server impersonation under an active man-in-the-middle (MITM) attack out-of-the-box, and two more if TLS filtering is enabled.  Several of these tools also mislead browsers into believing that a TLS connection is more secure than it actually is, by e.g., artificially upgrading a server’s TLS version at the client.

There's also the matter of how products protect their root certificates' private key.  It's not pretty, as the table ... shows.