I\'ve read the various questions tagged [ssl] and [mitm] and [proxy] and I could

Question

I've read the various questions tagged [ssl] and [mitm] and [proxy] and I couldn't find a duplicate. I cannot find any documentation on this subject online.

All of the traffic is currently flowing through the firewalls, from here if it is port 80 or 443 then it is being pushed through to a web filtering system. The WEb Filtering system currently does SSL inspection, but the firewalls don't. What would be the impact if I performed SSL Decryption at both the firewall level, and also at the Web Filtering level ?

Would the target URL be aware that multiple SSL Interceptions have happened?

Thanks,

Explanation / Answer

Would the target URL be aware that multiple SSL Interceptions have happened?

In theory the target URL is not aware of SSL interception at all, no matter how many SSL interceptions you do. It only sees that it is doing the SSL handshake with some kind of client and can not see if it is doing the handshake directly with the browser or with some SSL interception device.

In practice it might be possible to detect an SSL interception device by the use of different ciphers or different cipher order or different protocol versions compared to the browser. Or it might be possible to detect interception by some other non-browser features, like accepting certificates the browser would not. But in this case only the device nearest to the server can be detected this way and further devices not, because they don't do SSL handshakes with the server directly.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.