I came across this article today about how people continue to break TLS sessions for monitoring purposes. Like, in exactly the way that US-CERT warned everybody not to do last year.
As background, there are essentially two ways in common usage to do monitoring from a middleware box when TLS is involved. Vendors tend to call it something different in the marketing for their various products, so for our purposes let’s refer to the two modes as “transparent snooping” (MITM knows the keys) and “reverse proxying” (because that’s essentially what it is).
We all probably know that the ol’ “transparent snooperino” breaks under TLS 1.3 (which, for the record, is already here in OpenSSL and now WolfSSL), but the old-school reverse proxy (where you terminate the session in front of the web server and proxy it – encrypted or otherwise – to some server behind it) has a number of various problems, the most severe of which include things like people not implementing the protocol correctly, not validating certificates, being overly lax in security decisions (that the protocol assumes will be made by the user but in this case aren’t because the user isn’t in the loop), etc. The CERT advisory spells it out so I won’t go through them all again here.
But here’s what sizzles my bacon: why is it that nobody is coming up with an alternative here? For example, maybe I want to snoop on application traffic to validate it somehow. One way that I could do that is to break the TLS session (the way that people are still doing it now), suffering a performance and security hit along the way. But why would I do that when I could do it in a smarter way?
For example, another way that I might choose to do it is to “shim” the web server. Ok, not exactly a shim but the same concept. Like, maybe I write a custom apache plugin that vectors off requests to a monitoring box. Or, I dunno, maybe I use mod_forensic which is designed for exactly this purpose. Maybe I configure mod_proxy to do it. See? No breaking of TLS required. Performance is better, security is better, and it’s architecturally more flexible. It does, however, require that vendors update their products to do it in a different way.
We really need to fix this and as yet I don’t see any movement in the marketplace toward some other model to replace this. Maybe some standardization could help (looking at you OASIS or OWASP).