SSL deep packet inspector


urielka

Feb 15, 2011, 1:42:04 PM
to PyWeb-IL
Hi all,
I know this is not Python related, but I just saw this appliance (http://www.sslinspector.com/pages/appliance) that does deep packet inspection (http://en.wikipedia.org/wiki/Deep_packet_inspection) for SSL and was wondering how the hell it works?
SSL is supposed to encrypt traffic in a way that prevents such man-in-the-middle attacks.
An SSL proxy wouldn't work, as the client will show a warning that the certificate is not real.




rouli nir

Feb 15, 2011, 3:14:30 PM
to pywe...@googlegroups.com
From their whitepaper:

During SSL session establishment, the SSL Inspector appliance acts as a Certificate Authority (CA). The server certificate that would be usually stored in the server and transmitted to the client as part of the SSL protocol is transparently re-signed by the SSL Inspector. The name of the server in the certificate remains unchanged, but the signature of the CA belonging to the SSL Inspector is applied. A key is maintained for the SSL server in which all of the details are known to the SSL Inspector appliance. The modified certificate is transmitted to the SSL client. Instead of the original server key, a different key is used between the SSL Inspector and SSL client. Since the private key associated with the modified certificate is known to the Netronome SSL Inspector, the whole SSL handshake can proceed successfully. If the SSL clients are configured to use the Netronome SSL Inspector as a trusted Certificate Authority the SSL client will see the server certificate as a valid CA-signed certificate. This process is called “re-signing,” and allows the Netronome SSL Inspector to transparently intercept SSL communications.







uriel katz

Feb 15, 2011, 3:18:56 PM
to pywe...@googlegroups.com
Thanks Nir, so it is an SSL proxy, so nothing new :)
--
-Uriel Katz
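
The re-signing described in the whitepaper excerpt keeps the server name in the certificate but replaces the issuing CA and the key, which a client can check for. The following is an added example, not part of the original thread or the vendor's code: it compares a certificate recorded from outside the inspected network with the one seen inside it. The helper names `observe` and `classify`, and all host names, CA names and fingerprints, are constructed for illustration.

```python
import hashlib
import socket
import ssl

def observe(host, port=443):
    """Fetch the leaf certificate as this client's trust store sees it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.getpeercert(), hashlib.sha256(der).hexdigest()

def _name(rdns):
    """Flatten getpeercert()'s nested RDN tuples into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def _hosts(cert):
    """Host names the certificate claims: SAN DNS entries, else subject CN."""
    sans = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    cn = _name(cert.get("subject", ())).get("commonName")
    return sans or ({cn.lower()} if cn else set())

def classify(reference, observed):
    """Compare a known-good (cert, sha256) pair with the one seen on this network."""
    (ref_cert, ref_fp), (obs_cert, obs_fp) = reference, observed
    if ref_fp == obs_fp:
        return "identical"
    if not _hosts(ref_cert) & _hosts(obs_cert):
        return "different-server"
    if _name(ref_cert["issuer"]) == _name(obs_cert["issuer"]):
        return "reissued-by-same-ca"   # e.g. routine renewal
    return "re-signed"                 # same server name, different CA

# Constructed sample data (not real certificates or fingerprints).
ORIGIN = ({"subject": ((("commonName", "shop.example"),),),
           "issuer": ((("organizationName", "Example Public CA"),),
                      (("commonName", "Example Public CA R1"),)),
           "subjectAltName": (("DNS", "shop.example"),)}, "aa" * 32)
RESIGNED = ({"subject": ((("commonName", "shop.example"),),),
             "issuer": ((("organizationName", "Corp IT"),),
                        (("commonName", "Corp Inspection CA"),)),
             "subjectAltName": (("DNS", "shop.example"),)}, "bb" * 32)
RENEWED = (dict(ORIGIN[0]), "cc" * 32)

if __name__ == "__main__":
    for label, seen in (("resigned", RESIGNED), ("renewed", RENEWED)):
        print(label, "->", classify(ORIGIN, seen))
```

`observe` only returns a certificate when the local trust store accepts the chain, which is the situation the whitepaper describes once the inspector's CA has been installed on the client.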