"Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server," the organization said.
On the BadSSL website, organizations can check whether their HTTPS inspection products improperly validate certificates or allow insecure ciphers. The client test from Qualys SSL Labs can also check for some known TLS vulnerabilities and weaknesses.
The CERT Coordination Center at Carnegie Mellon University has published a blog post with more information on the common pitfalls of HTTPS interception, as well as a list of products that may be vulnerable.
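The BadSSL check mentioned above can be scripted from a workstation that sits behind the inspection product. The following is an added example, not code from BadSSL or CERT/CC. It assumes the four badssl.com test subdomains listed in the code, and the `probe` and `audit` function names are illustrative.

```python
import socket
import ssl

# badssl.com subdomains that deliberately serve an invalid certificate.
BAD_CERT_HOSTS = [
    "expired.badssl.com",
    "wrong.host.badssl.com",
    "self-signed.badssl.com",
    "untrusted-root.badssl.com",
]


def probe(host, port=443, timeout=10):
    """Try a fully verified handshake. Returns (accepted, detail);
    accepted is True/False, or None when the result is inconclusive."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, "issuer: " + issuer.get("organizationName", "unknown")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:  # DNS failure, reset, timeout, other TLS errors
        return None, str(exc)


def audit(hosts=BAD_CERT_HOSTS, probe_fn=probe):
    """Classify each host: a verified handshake with a known-bad host means
    something on the path replaced the certificate and hid the error."""
    verdicts = {True: "MASKED", False: "OK", None: "INCONCLUSIVE"}
    return [(h, verdicts[ok], detail) for h in hosts for ok, detail in [probe_fn(h)]]


if __name__ == "__main__":
    for host, verdict, detail in audit():
        print(f"{verdict:13} {host:28} {detail}")
```

A `MASKED` verdict means the client received no certificate error at the TLS layer; the issuer shown identifies whose certificate was presented instead. Some products serve a block page over their own certificate, so confirm the result in a browser before treating it as a validation failure.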