Some HTTPS inspection tools might weaken security

Lucian Constantin | March 20, 2017
Many security products that intercept HTTPS traffic don't properly validate certificates, US-CERT has warned

"Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server," the organization said.

On the BadSSL website, organizations can check if their HTTPS inspection products improperly validate certificates or allow for insecure ciphers. The client test from Qualys SSL Labs also can check for some known TLS vulnerabilities and weaknesses.
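The check described above can also be scripted from a workstation that sits behind the inspection product. The following is an added example, not code from US-CERT, BadSSL or the article; it assumes the four badssl.com test hosts listed in it are reachable on port 443, and the function names are hypothetical.

```python
import socket
import ssl

# badssl.com hosts that deliberately present a broken certificate.
# A client that validates correctly must refuse every one of them.
BAD_CERT_HOSTS = [
    "expired.badssl.com",
    "wrong.host.badssl.com",
    "self-signed.badssl.com",
    "untrusted-root.badssl.com",
]

def tls_probe(host, port=443, timeout=5.0):
    """Attempt a fully validated handshake; return (accepted, detail)."""
    ctx = ssl.create_default_context()  # chain and hostname checks enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                # issuer is a tuple of RDNs, each holding (name, value) pairs
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                name = issuer.get("organizationName") or issuer.get("commonName", "?")
                return True, "issuer=" + name
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return None, "inconclusive: %s" % exc

def audit(hosts=BAD_CERT_HOSTS, probe=tls_probe):
    """Classify each host by what this client was allowed to see."""
    findings = {}
    for host in hosts:
        accepted, detail = probe(host)
        if accepted is None:
            status = "INCONCLUSIVE"  # blocked, reset or timed out
        elif accepted:
            status = "MASKED"        # bad upstream cert replaced by a trusted one
        else:
            status = "OK"            # verification error reached the client
        findings[host] = (status, detail)
    return findings

def masked_hosts(findings):
    """Hosts whose certificate error never reached the client."""
    return sorted(h for h, (status, _) in findings.items() if status == "MASKED")

if __name__ == "__main__":
    for host, (status, detail) in audit().items():
        print(f"{status:12} {host:28} {detail}")
```

A `MASKED` result means the handshake validated against the local trust store, so the printed issuer shows which CA signed the substituted certificate. Some products block the site by serving their own error page over a trusted certificate, so confirm what content was returned before treating the result as a finding.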

The CERT Coordination Center at Carnegie Mellon University has published a blog post with more information on the common pitfalls of HTTPS interception, as well as a list of products that may be vulnerable.

 
