Skip to end of metadata
Go to start of metadata

Background

In 2015, CERT published a blog post called The Risks of SSL Inpsection, which outlined the potential weaknesses introduced by deploying an SSL inspection solution. Earlier this year, US-CERT published an alert called TA17-075A HTTPS Interception Weakens TLS Security, which suggested comparing a directly-connected browser against the same browser behind a product that performs HTTPS inspection.

The Test

Given the ease of availability of the Untangle NG Firewall, I used their SSL Inspector as an example. By default the Untangle SSL Inspector did not inspect traffic to https://badssl.com. As a result, I modified the default configuration of the SSL Inspector to inspect all HTTPS traffic. The other product tested is the Entensys UserGate UTM product, which also provides SSL inspection capabilities. Note that by default UserGate rule "Decrypt for all unknown users" does not select the "Block sites with invalid certificates" option, meaning that the client is allowed to connect to sites with invalid certificates.

The client platform used for the test was Windows 7 with both Firefox 54.0.1 and Chrome 60.

Legend

Color
Meaning
GreenUnsafe connection blocked, and proper reason given.
YellowUnsafe connection blocked, without proper reason.
RedUnsafe connection allowed.
WhiteConnection allowed. Security impact unclear.

Test Results


Firefox 54.0.1 (Windows)
Chrome 60 (Windows)

UserGate Web Filter
(Default config)

UserGate Web Filter
(Block sites with invalid certificate)

Certificate




expiredSEC_ERROR_EXPIRED_CERTIFICATENET::ERR_CERT_DATE_INVALIDResetAllowed"Incorrect SSL certificate"
wrong.hostSSL_ERROR_BAD_CERT_DOMAINNET::ERR_CERT_COMMON_NAME_INVALIDBlockedBlockedBlocked
self-signedSEC_ERROR_UNKNOWN_ISSUER

NET::ERR_CERT_AUTHORITY_INVALID

ResetAllowed"Incorrect SSL certificate"
untrusted-rootSEC_ERROR_UNKNOWN_ISSUERNET::ERR_CERT_AUTHORITY_INVALIDResetAllowed"Incorrect SSL certificate"
revokedSEC_ERROR_REVOKED_CERTIFICATENET::ERR_CERT_REVOKEDAllowedAllowedAllowed
pinning-testMOZILLA_PKIX_ERROR_KEY_PINNING_FAILURENET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAINAllowedAllowedAllowed
no-common-nameAllowedAllowedAllowedAllowedAllowed
no-subjectAllowedAllowedResetResetReset
incomplete-chainAllowedAllowedResetAllowed"Incorrect SSL certificate"
sha1-intermediateSEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLEDAllowedAllowedAllowedAllowed
sha256AllowedAllowedAllowedAllowedAllowed
sha384AllowedAllowedAllowedAllowedAllowed
sha512AllowedAllowedAllowedAllowedAllowed

1000-sans

AllowedAllowedAllowedAllowedAllowed
10000-sansSSL_ERROR_RX_MALFORMED_HANDSHAKEERR_SSL_PROTOCOL_ERRORBlockedBlockedBlocked

ecc256

AllowedAllowedAllowedAllowedAllowed
ecc384AllowedAllowedAllowedAllowedAllowed
rsa2048AllowedAllowedAllowedAllowedAllowed
rsa8192AllowedAllowedAllowedAllowedAllowed
Cipher Suite




cbcAllowedAllowedAllowedAllowedAllowed
rc4-md5SSL_ERROR_NO_CYPHER_OVERLAPERR_SSL_VERSION_OR_CIPHER_MISMATCHResetBlockedBlocked
rc4SSL_ERROR_NO_CYPHER_OVERLAPERR_SSL_VERSION_OR_CIPHER_MISMATCHResetBlockedBlocked
3desAllowedAllowedAllowedAllowedAllowed
nullSSL_ERROR_NO_CYPHER_OVERLAPERR_SSL_VERSION_OR_CIPHER_MISMATCHResetBlockedBlocked
mozilla-oldAllowedAllowedAllowedAllowed
mozilla-intermediateAllowedAllowedAllowedAllowed
mozilla-modernAllowedAllowedAllowedAllowed
Key exchange




dh480SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEYERR_SSL_VERSION_OR_CIPHER_MISMATCHResetAllowedAllowed
dh512SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEYERR_SSL_VERSION_OR_CIPHER_MISMATCHResetAllowedAllowed
dh1024AllowedERR_SSL_VERSION_OR_CIPHER_MISMATCHAllowedAllowedAllowed
dh2048AllowedERR_SSL_VERSION_OR_CIPHER_MISMATCHAllowedAllowedAllowed
dh-small-subgroupAllowedERR_SSL_VERSION_OR_CIPHER_MISMATCHAllowedAllowedAllowed
dh-compositeAllowedERR_SSL_VERSION_OR_CIPHER_MISMATCHResetAllowedAllowed
static-rsaAllowedAllowedAllowedAllowedAllowed
Certificate Transparency




invalid-expected-sctAllowedNET::ERR_CERTIFICATE_TRANSPARENCY_REQUIREDAllowedAllowedAllowed
Defunct




sha1-2016SEC_ERROR_EXPIRED_CERTIFICATE

NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

ResetAllowed"Incorrect SSL certificate"
sha1-2017SEC_ERROR_EXPIRED_CERTIFICATENET::ERR_CERT_WEAK_SIGNATURE_ALGORITHMResetAllowed"Incorrect SSL certificate"

About the red "Allowed" items above

Any of the red "Allowed" items in the table above are indicators that a connection is allowed, while a secure browser configuration will not allow it. Let's consider the case where a certificate for a website is revoked. First, let's visit such a site with Chrome and a direct internet connection:

Chrome doesn't allow the connection to a website with a revoked HTTPS certificate. The reasoning here is that certificates are revoked for a reason: they are no longer safe to use. An example reason for a certificate being revoked is when a private key is leaked to the public. At this point, communications between the server and the client will no longer be secure, as an attacker with the private key may be able to decrypt the communications. Now let's try the same connection when the client system has its internet connection provided by Untangle SSL Inspector:

Whoops! With SSL inspection enabled for all traffic, Untangle allows clients to connect to sites that have had their certificates revoked.

About the yellow "Reset" items above

When a connection is insecure, the client browser will often display reasons for why this is the case.   For example, the following is what the user sees if Chrome is used with a direct internet connection to visit a website that provides an expired certificate:

While the technical details of what NET::ERR_CERT_DATE_INVALID may be outside the grasp of many users, the friendly description of the consequences of proceeding with the connection are clearly explained. That is, an attacker may be able to steal passwords, messages, or credit cards. Let's proceed attempting to make the same connection through the Untangle SSL Inspection product:

Here, the browser recommends that the user verify their internet connection and firewall, and run Windows Network Diagnostics. None of which will actually address the problem.

About the yellow "Incorrect SSL certificate" items above

When connecting via an Entensys UserGate proxy that has been explicitly configured to validate SSL certificates (the default is to allow invalid certificates), the user is presented with HTML content that indicates that the SSL certificate is "incorrect," without mentioning what the problem is. For example, Google Chrome connected via UserGate configured in such a manner:

Conclusion

As first mentioned in the 2015 blog post The Risks of SSL Inspection, the ability to inspect HTTPS traffic does not come without its costs. Given the ease of testing the impact with the badssl.com website, this impact is now easier for users and network administrators to determine. The table above currently only contains results for the Untangle SSL Inspector product, however other similar products have similar results. HTTPS inspection is not something that can be done at the network level without negatively affecting the security of the clients.

HTTPS inspection aims to improve network security, but it does so at the cost of client security. In many cases, this is a reasonable trade-off for an organization to make. Just be sure that it is a conscious and well-informed decision.


  • No labels