An academic study published last month shows that despite years worth of research into the woeful state of network traffic inspection equipment, vendors are still having issues in shipping appliances that don't irrevocably break TLS encryption for the end user.
Encrypted traffic inspection devices (also known as middleware), either special hardware or sophisticated software, have been used in enterprise networks for more than two decades.
System administrators deploy such appliances to create a man-in-the-middle TLS proxy that can look inside HTTPS encrypted traffic, to scan for malware or phishing links or to comply with law enforcement or national security requirements.
Also: Why 31% of data breaches lead to employees getting fired TechRepublic
All such devices work in the same way, creating a TLS server on the internal network and a TLS client on the external network. The TLS server receives traffic from the user, it decrypts the connection, allows the appliance to inspect the traffic, and then re-encrypts and relays the connection to the intended server by mimicking the browser via its own TLS client.
For many years, this has not been an issue, mainly because in the beginning, HTTPS connections were simple to set up. But as the technologies supporting TLS traffic have become more and more complex, it also became harder for vendors to support all types of connections without accidentally or intentionally downgrading HTTPS encryption.
In the last decade, security researchers have looked closely at the issue of TLS inspection appliances that break or downgrade encryption. There has been much research on the topic, from research teams from all over the world [1, 2, 3, 4, 5].
But despite years worth of warnings and research, some vendors still fail at keeping the proper security level of a TLS connection when relaying traffic through their equipment/software.
Academic research published at the end of September by three researchers from Concordia University in Montreal, Canada, shows that network traffic inspection appliances still break TLS security, even today.
The research team looked at 17 versions of 13 TLS network appliances between July 2017 and March 2018, including open source, free, low-end, and high-end TLS middleware appliances.
To do so, the research trio created an extensive framework that could analyze the TLS-related behaviors of appliance-based proxies and their potential vulnerabilities.
Researchers looked at TLS version and certificate parameter mapping, cipher suites, the private key generation and its protection, the content of the root CA store, known TLS attacks, and 32 certificate validation tests.
Also: KRACK attack: Here's how companies are responding CNET
The study was more than fruitful, finding several issues with almost all devices. The findings were as follow:
The research team says all appliance flaws were reported to their respective vendors after two series of tests in 2017 and 2018. Despite the reports, researchers said vendor responses were not what they expected.
"Overall, the disclosures appear to have limited impact on vendors," said the research team. "Many vendors completely ignored the security issues (Untangle, Microsoft, UserGate, and pfSense). More worryingly, some products even became worse over time (Cisco), and some patched product releases introduced new vulnerabilities compared to their older versions (WebTitan)."
Also: Worries arise about security of new WebAuthn protocol
Unfruitful, to say the least.
Researchers argue that since TLS middleware works as a proxy for client-to-web server connections, "they should maintain (at least) the same level of security as modern browsers." Similarly, as they act as a TLS server for web-to-client internal network connections, they should also be "securely configured like any up-to-date HTTPS server."
By abiding to these simple principles, researchers say middleware appliances should be simple to manage.
The testing framework used by the Concordia University crew is available for download from here. More details are available in a research paper entitled "The Sorry State of TLS Security in Enterprise Interception Appliances."