All Questions

Tagged with
0 votes
0 answers
54 views

What is the security impact of disabling certificate check [duplicate]

I have this line of code in a client server project: sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null); A security guy pointed out that this is skipping the validation of the ...
anonymous
0 votes
0 answers
52 views

In TLS, how are the Diffie-Hellman exchange parameters protected from a MITM attack? [duplicate]

Authentication alone will not stop a MITM from intercepting and modifying plaintext exchanges, since he can let the authentication occur, then begin modifying the exchange data and neither end will ...
Michael
  • 23
0 votes
0 answers
87 views

Decrypt TLS (DHE cypher) inside of TDS (Microsoft SQL Tabular Data Stream protocol)

Is there a possibility to decrypt TLS data encapsulated within TDS Microsoft TSQL protocol? The TLS handshake seems to occur within TDS data, right after the TDS pre-login. The handshake itself is ...
mouch
  • 113
0 votes
1 answer
334 views

Why can't we encrypt twice instead of having Cloudflare MITM half the internet?

First of all I want to address a thought I had which is that they might market their ability to read the encrypted code being sent so they can spot "bots" and such, and that this is why they ...
Henrik F
0 votes
3 answers
220 views

Does TLS interception necessarily require a self-signed certificate? Please explain why

A brief schema of a TLS intercepting proxy - the Client connects to the Host via the Proxy in a way which allows the Proxy to perform a (consensual) MITM. [Client] -> [Proxy] -> [Host] It's ...
bbozo
  • 511
0 votes
0 answers
208 views

Router level SSL Inspection

Is there any way I could inspect the traffic from an untrusted device connected to my network? I would like to get a router that has ssl inspection capabilities, where I could check the https packets ...
Paul
  • 1
1 vote
0 answers
91 views

Triple handshake (TLS) EMS protection against attacks

In TLS we have such an extension as EMS (extended master secret). It has been applied to protect the master secret. But I don't understand how it helps against triple handshake attack. I assume that ...
panda
  • 11
0 votes
0 answers
93 views

Securing an internal tcp proxy

I am developing a TCP-Proxy in C#/.NET using dotNetty (Port of Netty). The proxy is translating messages between two different systems. It will be hosted on a server in the company network, so it is ...
f.lechleitner
0 votes
1 answer
544 views

Can China decrypt SSL as soon as people using their ISP?

While these VPNs can work inside of China, I wonder how private and secure they are since China is known for its great firewall, like most technically advanced countries. Are these methods working? ...
Maxfield
  • 157
1 vote
2 answers
198 views

Evading authenticated diffie hellman with MITM

I understand that in a non-authenticated Diffie-Hellman setup, a man-in-the-middle attack can occur. Now I'm curious about the feasibility of the following scenario: Let's assume a situation where www....
SempriGno
0 votes
0 answers
109 views

Could a trusted CA pretend to be me and run a MITM? [duplicate]

Sorry for the basic question, I'm still wrapping my head around the ins and outs of SSL and asymmetric encryption. In order to better test my understanding, I was considering the following thought ...
fruitless fruit juice
0 votes
2 answers
238 views

What prevents certificate authorities from issuing fraudulent TLS certificates?

There have been reports of attacks against certificate authorities resulting in the issuance of fraudulent TLS certificates for sites such as google.com, yahoo.com, and skype.com. These attacks seem ...
Gilgamesh
0 votes
1 answer
124 views

Suitable method of encryption for user-hosted chat platforms

I am considering how to make my chat application a bit more secure. It has a similar structure to IRC, multiple users can join each server, and servers can be hosted by anyone. I have been using TLS ...
Jachdich
  • 103
1 vote
2 answers
840 views

How does the MITM attack work when a client does not check the hostname vs the certificate? [duplicate]

One of the Paho MQTT client SSL options allows checking whether "a certificate matches the given host name.". If I enable this option then I cannot establish a TLS connection to MQTT using ...
user26671
2 votes
4 answers
343 views

Using FIX over TLS, is there a need to sign FIX messages?

We have 2 servers communicating, server A (a server that I own), and server B (server on the internet that I trust). I get some info from server B, which are FIX messages (https://en.wikipedia.org/...
ethicalhacker
