{"id":815,"date":"2018-10-09T13:16:13","date_gmt":"2018-10-09T13:16:13","guid":{"rendered":"https:\/\/securitycurve.com\/?p=815"},"modified":"2018-10-09T13:16:13","modified_gmt":"2018-10-09T13:16:13","slug":"hey-you-stop-breaking-tls-sessions","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=815","title":{"rendered":"Hey you: stop breaking TLS sessions"},"content":{"rendered":"<p><img decoding=\"async\" class=\" alignright\" src=\"https:\/\/i.chzbgr.com\/full\/7101940224\/h6BADE357\/\" width=\"441\" height=\"376\" \/><br \/>\nI came across <a href=\"https:\/\/www.zdnet.com\/article\/its-2018-and-network-middleware-still-cant-handle-tls-without-breaking-encryption\/\">this article today<\/a> about how people continue to break TLS sessions for monitoring purposes.\u00a0 Like, in exactly the way that <a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/TA17-075A\">US-CERT warned everybody not to do last year<\/a>.<\/p>\n<p>As background, there are essentially two ways in common usage to do monitoring from a middleware box when TLS is involved.\u00a0 Vendors tend to call it something different in the marketing for their various products, so for our purposes let&#8217;s refer to the two modes as &#8220;transparent snooping&#8221; (MITM knows the keys) and &#8220;reverse proxying&#8221; (because that&#8217;s essentially what it is).<\/p>\n<p>We all probably know that the ol&#8217; &#8220;transparent snooperino&#8221; breaks under TLS 1.3 (which, for the record, is <a href=\"https:\/\/www.openssl.org\/blog\/blog\/2017\/05\/04\/tlsv1.3\/\">already here in OpenSSL<\/a> and <a href=\"https:\/\/www.wolfssl.com\/docs\/tls13\/\">now WolfSSL<\/a>), but the old-school reverse proxy (where you terminate the session in front of the web server and proxy it &#8211; encrypted or otherwise &#8211; to some server behind it) has a number of various problems, the most severe of which include things like people not implementing the protocol correctly, not validating certificates, being overly lax in security decisions (that the protocol assumes will be made by the user but in this case aren&#8217;t because the user isn&#8217;t in the loop), etc.\u00a0 The CERT advisory spells it out so I won&#8217;t go through them all again here.<\/p>\n<p>But here&#8217;s what sizzles my bacon: why is it that nobody is coming up with an alternative here?\u00a0 For example, maybe I want to snoop on application traffic to validate it somehow.\u00a0 One way that I could do that is to break the TLS session (the way that people are <strong>still<\/strong> doing it now), suffering a performance and security hit along the way.\u00a0 But why would I do that when I could do it in a smarter way?<\/p>\n<p>For example, another way that I might choose to do it is to &#8220;shim&#8221; the web server.\u00a0 Ok, not exactly a shim but the same concept.\u00a0 Like, maybe I write a custom apache plugin that vectors off requests to a monitoring box.\u00a0 Or, I dunno, maybe I use <a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_log_forensic.html\">mod_forensic<\/a> which is designed for exactly this purpose.\u00a0 Maybe I configure <a href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_proxy.html\">mod_proxy\u00a0<\/a>to do it.\u00a0 See?\u00a0 No breaking of TLS required.\u00a0 Performance is better, security is better, and it&#8217;s architecturally more flexible.\u00a0 It does, however, require that vendors update their products to do it in a different way.<\/p>\n<p>We really need to fix this and as yet I don&#8217;t see any movement in the marketplace toward some other model to replace this.\u00a0 Maybe some standardization could help (looking at you OASIS or OWASP).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I came across this article today about how people continue to break TLS sessions for monitoring purposes.\u00a0 Like, in exactly the way that US-CERT warned everybody not to do last year. As background, there are essentially two ways in common usage to do monitoring from a middleware box when TLS is involved.\u00a0 Vendors tend to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"<p><img class=\" alignright\" src=\"https:\/\/i.chzbgr.com\/full\/7101940224\/h6BADE357\/\" width=\"441\" height=\"376\" \/><br \/>So<\/p>","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[24,119],"class_list":["post-815","post","type-post","status-publish","format-standard","hentry","category-security","tag-cert","tag-tls"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=815"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/815\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}