AGENDA
Overview
PKI - How trust and certificates work
Tunneling vs Interception
SSL Decryption Best Practices
Configuration Steps
OVERVIEW
SSL HANDSHAKE
[Diagram: client with an explicit proxy configured, 1.1.1.1:8080]
CONNECT https://www.happycatco.com:443 http/1.1 (port 8080)
TCP Handshake : 443
200 CONNECT Established
CERTIFICATE AUTHORITY
CERTIFICATE VALIDATION
TUNNELING VS INTERCEPTION
MESSAGE FLOW
[Table: SSL Interception, Yes/No per row; row labels not preserved]
INTERCEPT ON EXCEPTION
HTTPS PROXY (POLICY ACTIONS)
[Diagram: SSL : 443; Certificate; policy action: Tunnel (do not intercept) / Decrypt / Deny]
Tunnel: (unmodified) traffic tunneled
Decrypt/Deny
LOGGING FACILITIES
SSL DECRYPTION
METHODOLOGY
Caveats:
Country-specific legal policies may prevent use of SSL decryption without user notification
SSL traffic is often considered by law as private/confidential traffic for end users
Be sure to identify all of them before decrypting SSL sessions (at least the critical ones):
Management can be done through a whitelist
These applications won't be decrypted
Consider testing intranet applications in case they are accessed through proxies
CONFIGURATION STEPS
Explicit Environments
Transparent Environments
Set HTTPS service to Intercept
Give it a name
Issuer CCL:
The issuer CCL attribute allows the administrator to specify the certificate authorities (issuers) for which the responder in question is the designated responder
Response CCL:
This attribute is used during verification of OCSP responses
john.dyer@bluecoat.com
Q&A
Questions?