The use of TLS interception by outbound proxy servers is causing serious problems in updating the TLS standard to Version 1.3.
At the same time, middlebox and antivirus products increasingly intercept (i.e., terminate and re-initiate) HTTPS connections in an attempt to detect and block malicious content that uses the protocol to avoid inspection. Previous work has found that some specific HTTPS interception products dramatically reduce connection security; however, the broader security impact of such interception remains unclear. In this paper, we conduct the first comprehensive study of HTTPS interception in the wild, quantifying both its prevalence in traffic to major services and its effects on real-world security.
This is the same problem that middleboxes cause anywhere on the Internet – firewalls, NAT gateways, inspection, QoS, DPI. Because these complex devices are rarely updated and hard to maintain, they create failures in new protocols. IPv6 rollout has been slowed by difficult upgrades. The same problem is happening with TLS. It's undesirable to fall back to older TLS versions that “work” but are insecure.
The EtherealMind View
The business need for proxy servers or protocol interception covers a small range of activities:
- Scan Internet content for malware etc.
- Monitor employee behaviour and time spent working, and assist HR as needed.
- Prevent content theft. Or at least, provide audit data for legal cases for theft.
- Prevent unintentional data leakage
Poorly maintained proxy servers mean that real security is being compromised. And by “poorly maintained” I would point the finger at customers and vendors equally. Vendors are slow to update their apps and operating systems, while customers have learned not to trust their vendors, leading to reluctance to upgrade for fear of service outage.
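The practical way to see whether an outbound path is doing this to you is to look at what the connection actually negotiated from the client side: who issued the leaf certificate, which TLS version was agreed, and how strong the cipher is. The script below is an added example (not code from the original post or from the cited paper) and uses only the Python standard library. The `expected_proxy_ca` parameter, the constructed `SAMPLE_*` values and the organisation name "Example Corp Outbound Proxy CA" are assumptions for illustration; the `probe()` function makes a real connection when a hostname is passed on the command line, otherwise the constructed sample is assessed.

```python
import socket
import ssl

# Ranking used to decide whether the negotiated version is acceptable.
TLS_ORDER = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
MIN_OK_VERSION = "TLSv1.2"


def rdn_value(name, key):
    """Fetch one attribute (e.g. 'organizationName') from the tuple-of-tuples
    'subject'/'issuer' structure that ssl.SSLSocket.getpeercert() returns."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def assess(peercert, version, cipher, expected_proxy_ca=None):
    """Return a list of (code, message) findings for one observed connection.

    peercert          -- dict shaped like SSLSocket.getpeercert() ({} if unverified)
    version           -- string from SSLSocket.version(), e.g. 'TLSv1.3'
    cipher            -- tuple from SSLSocket.cipher(): (name, protocol, secret_bits)
    expected_proxy_ca -- organizationName of a sanctioned interception CA, if any
                         (hypothetical parameter introduced for this example)
    """
    findings = []
    if not peercert:
        findings.append(("UNVERIFIED", "peer certificate was not validated"))
    else:
        subject = peercert.get("subject", ())
        issuer = peercert.get("issuer", ())
        issuer_o = rdn_value(issuer, "organizationName")
        if expected_proxy_ca and issuer_o == expected_proxy_ca:
            findings.append(("INTERCEPTED", f"leaf issued by sanctioned proxy CA '{issuer_o}'"))
        elif subject == issuer:
            findings.append(("SELF_SIGNED", "leaf certificate is self-issued"))
    if version not in TLS_ORDER or TLS_ORDER.index(version) < TLS_ORDER.index(MIN_OK_VERSION):
        findings.append(("DOWNGRADE", f"negotiated {version}, below {MIN_OK_VERSION}"))
    if cipher and cipher[2] is not None and cipher[2] < 128:
        findings.append(("WEAK_CIPHER", f"{cipher[0]} provides only {cipher[2]} secret bits"))
    return findings


def probe(host, port=443, timeout=5.0):
    """Open one HTTPS connection and return what the path really negotiated.

    If an interception proxy's root is installed in the OS trust store,
    create_default_context() accepts it, and the leaf's issuer then shows the
    proxy CA rather than the site's public CA.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version(), tls.cipher()


# Constructed sample (not captured from any real deployment): a leaf re-signed
# by a corporate proxy CA, negotiated over TLS 1.0 with a 128-bit cipher.
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("organizationName", "Example Corp Outbound Proxy CA"),),
        (("commonName", "Example Corp Proxy Root"),),
    ),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
}
SAMPLE_VERSION = "TLSv1"
SAMPLE_CIPHER = ("AES128-SHA", "TLSv1", 128)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        cert, ver, cip = probe(sys.argv[1])
    else:
        cert, ver, cip = SAMPLE_INTERCEPTED, SAMPLE_VERSION, SAMPLE_CIPHER
    for code, msg in assess(cert, ver, cip, expected_proxy_ca="Example Corp Outbound Proxy CA"):
        print(f"[{code}] {msg}")
```

Running it against the constructed sample reports an INTERCEPTED finding (the leaf was issued by the proxy CA, not a public CA) and a DOWNGRADE finding (TLS 1.0 negotiated), which is exactly the combination the post warns about: the proxy is present and it is the component holding the connection back from TLS 1.2 or 1.3. Run periodically from a few endpoints against the services you care about, the findings give a measurable answer to "how far behind is our proxy?" rather than waiting for an outage.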
Source: The Security Impact of HTTPS Interception – https://jhalderm.com/pub/papers/interception-ndss17.pdf