The Security Impact of HTTPS Interception
As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this talk, I present a comprehensive study on the prevalence and impact of HTTPS interception and show that web servers can detect interception.
I will characterize the TLS handshakes of major browsers and popular interception products and present a set of heuristics to detect interception and identify the responsible product. These heuristics have been deployed at three large network providers: (1) Mozilla Firefox update servers, (2) a set of popular e-commerce sites, and (3) the Cloudflare content distribution network. More than an order of magnitude more interception than previously estimated was found, with dramatic impact on connection security.
Join this talk to learn about TLC connection interception, why it impacts connection security and what can be done to monitor and address this security problem.