The United States Computer Emergency Readiness Team (“US-CERT”) announced last week that HTTPS interception may weaken Transport Layer Security (TLS), a widely used cryptographic protocol that encrypts communication between the client and the server. As a result, browsers may fail to validate HTTPS connections, which increases the probability of a man-in-the-middle (“MiTM”) attack via malware that uses HTTPS connections to malicious servers. MiTM attacks may cause sensitive information to be stolen.
For US-CERT’s report, see https://www.us-cert.gov/ncas/alerts/TA17-075A.
For a list of possibly affected sites, see https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html.
ACA Aponix suggests following the guidelines provided by US-CERT:
If you have any questions, please contact your ACA Aponix consultant or email us at email@example.com.