Chapter 32. An Attack on PKI

About three years ago, I was having breakfast with a friend of mine who was talking about a particular appliance product that claimed to be capable of transparently/silently intercepting all SSL/TLS traffic so that it could be inspected. He was asking me how this might be done.

In the SSL/TLS protocol, the client is supposed to validate the server. The server presents a certificate, usually along with a chain of intermediate certificates, each one signed by the certificate above it. The client is supposed to check every signature in that chain and trace the lineage back to a root it already trusts, so it knows all the endorsements on the certificate have been validated. It also has to confirm that the certificate actually names the host it meant to reach and is still within its validity period. To this day, many applications don’t do these checks at all, and just ignore the server certificate. Or they do insufficient validation of the certificate (for instance, checking that VeriSign has endorsed it, but not checking that it is the expected vendor’s certificate rather than one VeriSign issued to somebody else).

Well, you can certainly do it if all the clients are configured to send their SSL/TLS traffic through a proxy server that terminates the connection. Or, you could install a root certificate of your own on all your clients and then lie to them about who they’re talking to, minting a fresh certificate for whatever site they ask for. Or, you could just replace the valid certificate with one of your own, and most applications won’t notice (though web browsers will generally prompt users with a security warning the first time they see the certificate). The appliance in question was probably taking one of these approaches. But it struck me that there was another, more devious way.
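The following is an added example, not code from the book, that models the certificate checks described two paragraphs up and the "install your own root certificate" approach just mentioned. Certificates are plain Python dicts, and the "signature" is an HMAC keyed by the issuer's key; that is a stand-in for the RSA/ECDSA signatures in real X.509 and is not how real certificates are signed. Every name, key and date in it is constructed for illustration. It shows why checking only that a certificate descends from a trusted root is not enough: a certificate the same CA legitimately issued to an attacker's own hostname passes that check, and only the hostname comparison rejects it. It also shows that once an interception box's root is in the client's trust store, a certificate it mints for the bank's name passes every check.

```python
import hashlib
import hmac
import json


def _tbs(cert):
    """The to-be-signed part of a toy certificate: everything except 'sig'."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"},
                      sort_keys=True).encode()


def _sign(cert, issuer_key):
    # Toy signature: HMAC keyed by the issuer's key (stands in for a real signature).
    return hmac.new(issuer_key, _tbs(cert), hashlib.sha256).hexdigest()


def make_cert(subject, issuer, key, not_after, is_ca, issuer_key):
    """Issue a toy certificate for `subject`, signed by `issuer_key`.
    `key` is carried in the cert the way a public key would be."""
    body = {"subject": subject, "issuer": issuer, "key": key.hex(),
            "not_after": not_after, "is_ca": is_ca}
    return dict(body, sig=_sign(body, issuer_key))


def make_root(subject, key):
    return make_cert(subject, subject, key, "2099-01-01", True, key)


def _signed_by(cert, issuer_cert):
    expected = _sign(cert, bytes.fromhex(issuer_cert["key"]))
    return hmac.compare_digest(expected, cert["sig"])


def name_matches(hostname, subject):
    """Exact match, or a single-label wildcard such as *.example.com."""
    if subject.startswith("*."):
        labels = hostname.lower().split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == subject[2:].lower()
    return hostname.lower() == subject.lower()


def chain_to_trusted_root(chain, trust_store, today):
    """Walk leaf -> intermediates -> a root in `trust_store`, checking each link.
    This is the lineage check alone; it says nothing about *which* host the
    leaf is for. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if cert["not_after"] < today:            # ISO dates compare as strings
            return False, f"{cert['subject']} expired on {cert['not_after']}"
        if i + 1 < len(chain):
            issuer = chain[i + 1]
        else:
            issuer = trust_store.get(cert["issuer"])  # use OUR copy of the root's key
            if issuer is None:
                return False, f"issuer {cert['issuer']!r} is not a trusted root"
        if issuer["subject"] != cert["issuer"]:
            return False, "chain is out of order"
        if not issuer["is_ca"]:
            return False, f"{issuer['subject']} is not a CA"
        if not _signed_by(cert, issuer):
            return False, f"bad signature on {cert['subject']}"
    return True, "chain ends at a trusted root"


def validate_server_cert(chain, trust_store, hostname, today):
    """The full check: trusted lineage AND the leaf names the host we meant to reach."""
    ok, reason = chain_to_trusted_root(chain, trust_store, today)
    if not ok:
        return False, reason
    leaf = chain[0]
    if leaf["is_ca"]:
        return False, "leaf is a CA certificate, not a server certificate"
    if not name_matches(hostname, leaf["subject"]):
        return False, f"certificate is for {leaf['subject']}, expected {hostname}"
    return True, "ok"


def demo(today="2025-06-01"):
    # All keys, names and dates below are constructed for the example.
    root_key, inter_key = b"toy-root-key", b"toy-intermediate-key"
    root = make_root("Toy Root CA", root_key)
    inter = make_cert("Toy Issuing CA", "Toy Root CA", inter_key, "2030-01-01", True, root_key)
    bank = make_cert("www.bank.example", "Toy Issuing CA", b"bank", "2026-01-01", False, inter_key)
    # Legitimately issued by the same trusted CA, but for the attacker's own name.
    evil = make_cert("www.attacker.example", "Toy Issuing CA", b"evil", "2026-01-01", False, inter_key)
    # Claims to be the bank and to come from Toy Root CA, but signed with a rogue key.
    forged = make_cert("www.bank.example", "Toy Root CA", b"rogue", "2026-01-01", False, b"rogue")
    # An interception box with its own root, minting a cert for the bank's name.
    box_key = b"interception-box-key"
    box_root = make_root("Corp Inspection CA", box_key)
    minted = make_cert("www.bank.example", "Corp Inspection CA", b"box", "2026-01-01", False, box_key)

    store = {root["subject"]: root}
    store_with_box = dict(store, **{box_root["subject"]: box_root})
    host = "www.bank.example"
    return {
        "legit": validate_server_cert([bank, inter], store, host, today),
        "lineage_only_accepts_attacker": chain_to_trusted_root([evil, inter], store, today),
        "full_check_rejects_attacker": validate_server_cert([evil, inter], store, host, today),
        "forged": validate_server_cert([forged], store, host, today),
        "expired": validate_server_cert([bank, inter], store, host, "2027-01-01"),
        "box_root_not_installed": validate_server_cert([minted], store, host, today),
        "box_root_installed": validate_server_cert([minted], store_with_box, host, today),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32} {result}")
```

The point to take from `demo()` is the pair `lineage_only_accepts_attacker` and `full_check_rejects_attacker`: a client that stops after the chain walk, which is exactly the "VeriSign endorsed it" check from the text, accepts a certificate the CA issued to someone else. The `box_root_*` pair is the second interception approach above: nothing in the validation logic distinguishes a root the user chose to trust from one an administrator (or an attacker with admin rights) pushed to the machine.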

The trick is ...

Get The Myths of Security now with the O’Reilly learning platform.
