New Way To Scan SSL

Right now BitDefender installs a bogus root security certificate to allow it to scan SSL sessions by acting as a proxy (man-in-the-middle). This causes as many potential security problems as it solves. Indeed, I think that it is worse, so I run with "Scan SSL" set to off.


I believe that there is a non-invasive method available which would solve this problem when using either Firefox or Chrome: Session Key Logging. Both of these browsers write the current session key to a file for monitoring software to use. This allows the monitoring software to decrypt the stream without changing it in any way.


Wireshark does just this and it seems to work great. I'm asking that BitDefender offer this option for those security sensitive users who care enough to run Firefox or Chrome.


Thanks,
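As an added worked example (it is not from the original post and not Bitdefender's code), this shows what the requested approach looks like from the monitoring side: read the NSS-format key log that Firefox and Chrome write when the SSLKEYLOGFILE environment variable is set, validate each line, and match the Random field of a captured ClientHello to the logged secret, so the TLS stream itself is never modified. It goes slightly beyond the post by also accepting the TLS 1.3 per-direction secret labels. All log lines and the ClientHello bytes are constructed sample data.

```python
"""Added example (not Bitdefender code): consume a browser TLS key log
the way passive monitoring software would.  Firefox and Chrome write
this file when the SSLKEYLOGFILE environment variable is set.  Every
sample value below is constructed for the demo."""
import re
from dataclasses import dataclass, field

# Labels in the NSS key log format.  TLS 1.2 and earlier log the master
# secret under CLIENT_RANDOM; TLS 1.3 logs per-direction traffic secrets.
KNOWN_LABELS = {
    "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


@dataclass
class KeyLogIndex:
    """Secrets keyed by the 32-byte client random of each session."""
    secrets: dict = field(default_factory=dict)   # hex random -> {label: bytes}
    rejected: list = field(default_factory=list)  # malformed lines, kept for audit

    def add_line(self, line: str) -> None:
        line = line.strip()
        if not line or line.startswith("#"):
            return
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KNOWN_LABELS:
            self.rejected.append(line)
            return
        label, client_random, secret = parts
        # The client random is always 32 bytes (64 hex chars) and a secret
        # must be whole bytes of hex; anything else is corrupt or foreign.
        if (len(client_random) != 64 or not HEX_RE.match(client_random)
                or len(secret) % 2 or not HEX_RE.match(secret)):
            self.rejected.append(line)
            return
        self.secrets.setdefault(client_random.lower(), {})[label] = bytes.fromhex(secret)

    def lookup(self, client_random: bytes) -> dict:
        return self.secrets.get(client_random.hex(), {})


def parse_keylog(text: str) -> KeyLogIndex:
    idx = KeyLogIndex()
    for line in text.splitlines():
        idx.add_line(line)
    return idx


def client_random_from_hello(record: bytes) -> bytes:
    """Extract the Random field from a raw TLS ClientHello record.

    Layout: 5-byte record header (type 0x16), 4-byte handshake header
    (type 0x01), 2-byte client_version, then 32 bytes of Random.
    """
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    return record[11:43]


# --- constructed sample data (not real sessions) ---------------------------
TLS12_RANDOM = "11" * 32
TLS13_RANDOM = "22" * 32
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + TLS12_RANDOM + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + TLS13_RANDOM + " " + "bb" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + TLS13_RANDOM + " " + "cc" * 32,
    "CLIENT_RANDOM " + "dd" * 31 + " " + "ee" * 48,   # 31-byte random: rejected
])


def _build_client_hello(random_hex: str) -> bytes:
    """Minimal TLS 1.2 ClientHello with the given Random (constructed)."""
    body = (b"\x03\x03" + bytes.fromhex(random_hex)   # client_version, Random
            + b"\x00"                                  # empty session id
            + b"\x00\x02\x13\x01"                      # one cipher suite
            + b"\x01\x00")                             # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


SAMPLE_CLIENT_HELLO = _build_client_hello(TLS12_RANDOM)


def match_capture(keylog_text: str, client_hello: bytes) -> dict:
    """Per-flow step of a passive sensor: index the log, pull the Random
    from the captured ClientHello, return that session's secrets."""
    return parse_keylog(keylog_text).lookup(client_random_from_hello(client_hello))


if __name__ == "__main__":
    idx = parse_keylog(SAMPLE_KEYLOG)
    print(f"indexed {len(idx.secrets)} sessions, rejected {len(idx.rejected)} line(s)")
    found = match_capture(SAMPLE_KEYLOG, SAMPLE_CLIENT_HELLO)
    print({label: secret.hex()[:16] + "..." for label, secret in found.items()})
```

The point of the lookup-by-client-random design is that the sensor only ever reads: it observes the ClientHello on the wire and the secret from the log, and never needs to rewrite a certificate or terminate the connection. The rejected-line list matters operationally, since a monitoring product that silently skips malformed log entries will report "could not decrypt" with no explanation.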

Comments

  • johnrs

    P.S. I just ran across an excellent paper which describes the problems with the SSL/TLS Proxy technique, including specific Bitdefender failures, and also recommends Key Logging.


    https://madiba.encs.concordia.ca/~x_decarn/...xy-ndss2016.pdf

  • I support this. The "Scan SSL" feature seems to be broken, so I just turn it Off.

    PS- I would Vote Up on this, but I've been told I've reached my quota even though I've never voted. Maybe it's because I'm a new user...