To Intercept or Not to Intercept:
Analyzing TLS Interception in Network Appliances


    This work is related to the TLS Interception feature of network appliances. Network appliances often deploy HTTPS proxies to intercept TLS traffic, decrypt it and pass it to applications. While this feature allows web applications to parse and analyze plaintext traffic, it also potentially introduces numerous vulnerabilities that could be catastrophic for the clients behind the appliance.

    We develop a framework for testing and analyzing the impact of TLS interception for network appliances. We analyze network appliances using the proposed framework and uncover critical weaknesses in the certificate validation process, private key protection, TLS parameters mapping and the trusted Certificate Authorities stores.

    On this website, you can find the ACM ASIACCS 2018 paper, the certificate validation tests, and an extended paper that includes the results of 7 additional network appliances.

    Authors: Louis Waked, Mohammad Mannan, and Amr Youssef