by wolf550e
3469 days ago
Since they have the key for their own certificate, they can man-in-the-middle forward-secret connections too (these days, ECDHE). By supporting only non-PFS RSA key exchange with TLS 1.2, they had the ability to retroactively decrypt traffic without doing a full man-in-the-middle. Maybe they mirror a port on a switch and run an IDS/antivirus that decrypts the traffic and analyzes it. Maybe they log all traffic for a while and want to decrypt it only if needed. In any case, the solution someone came up with was to do Diffie-Hellman but reuse the ephemeral key (make it static) and share it with the decryption box. This turns (EC)DHE into a non-forward-secure key exchange. The client can notice this happens because the server will reuse the DH key. I didn't hear about any browser planning to warn the user about this. The ssllabs tester will complain.
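The check the comment describes (a client noticing that a server keeps presenting the same "ephemeral" DH share) can be done from captured handshakes alone. The following is an added example, not code from the commenter or from any tool they mention: it parses the ECDHE parameters out of TLS 1.2 ServerKeyExchange messages (RFC 8422 layout: curve_type, named_curve, length-prefixed point, then the signature) and counts how many separate handshakes to one server presented the same public point. The handshake bytes, the curve choice (x25519, id 29) and the key bytes are constructed for the example; the `build_server_key_exchange` helper exists only to fabricate that sample input offline.

```python
from collections import Counter

HANDSHAKE_SERVER_KEY_EXCHANGE = 12   # TLS HandshakeType server_key_exchange
CURVE_TYPE_NAMED = 3                 # ECCurveType named_curve
NAMED_CURVES = {23: "secp256r1", 24: "secp384r1", 29: "x25519"}


def parse_server_key_exchange(msg: bytes):
    """Parse one TLS 1.2 ServerKeyExchange handshake message (ECDHE cipher suite).

    Returns (curve_name, public_point, signature_algorithm, signature).
    The public point is the server's DH share; a forward-secure server
    generates a fresh one per handshake.
    """
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")       # 3-byte handshake length
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    if body[0] != CURVE_TYPE_NAMED:
        raise ValueError("only named_curve ECDHE params are handled here")
    curve_id = int.from_bytes(body[1:3], "big")
    point_len = body[3]                               # opaque point<1..2^8-1>
    point = body[4:4 + point_len]
    if len(point) != point_len:
        raise ValueError("truncated EC point")
    off = 4 + point_len
    sig_alg = body[off:off + 2]                       # SignatureAndHashAlgorithm
    sig_len = int.from_bytes(body[off + 2:off + 4], "big")
    sig = body[off + 4:off + 4 + sig_len]
    if len(sig) != sig_len:
        raise ValueError("truncated signature")
    return NAMED_CURVES.get(curve_id, f"curve_{curve_id}"), point, sig_alg, sig


def build_server_key_exchange(curve_id: int, point: bytes,
                              sig_alg: bytes = b"\x04\x03",   # ecdsa / sha256
                              sig: bytes = b"\x00" * 8) -> bytes:
    """Fabricate a ServerKeyExchange message for the constructed sample below.
    The signature is a placeholder; this example inspects key reuse, not signatures."""
    params = (bytes([CURVE_TYPE_NAMED]) + curve_id.to_bytes(2, "big")
              + bytes([len(point)]) + point)
    body = params + sig_alg + len(sig).to_bytes(2, "big") + sig
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def find_reused_ephemeral_keys(messages, threshold: int = 2):
    """Given ServerKeyExchange messages from separate handshakes to the same server,
    return {(curve, point): count} for every DH share seen `threshold` or more times.
    An empty result means every observed handshake used a distinct share."""
    seen = Counter()
    for m in messages:
        curve, point, _, _ = parse_server_key_exchange(m)
        seen[(curve, point)] += 1
    return {k: n for k, n in seen.items() if n >= threshold}


# Constructed sample captures (not real keys): a server that reuses one
# "ephemeral" share on every connection, and one that rotates it each time.
STATIC_POINT = bytes(range(32))
CAPTURED_STATIC = [build_server_key_exchange(29, STATIC_POINT) for _ in range(3)]
CAPTURED_ROTATING = [build_server_key_exchange(29, bytes([i]) * 32) for i in range(3)]

if __name__ == "__main__":
    print("rotating server:", find_reused_ephemeral_keys(CAPTURED_ROTATING))
    print("static-share server:", find_reused_ephemeral_keys(CAPTURED_STATIC))
```

Reuse across two handshakes in quick succession is weak evidence on its own, since some server implementations cache an ECDH key for a short period for performance; the same share still appearing in handshakes spread over hours or days is what distinguishes a deliberately static key from a cache.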