Trend Micro Vulnerability Identifier(s): VRTS-588, 589
US-CERT Identifier: TA17-075A
The following bulletin serves as Trend Micro's official response on products potentially affected by the recent US-CERT advisory - TA17-075A: HTTPS Interception Weakens TLS Security.
The advisory from US-CERT entitled “HTTPS Interception Weakens TLS Security” (TA17-075A) points out the risks involved in the use of HTTPS interception products. In response to this advisory Trend Micro has analyzed the Trend Micro Deep Security SSL/TLS inspection feature and found that it is not affected by any of the risks discussed in this advisory.
As presented in the advisory, HTTPS interception makes use of a man-in-the-middle (MITM) attack at the SSL layer where the interceptor terminates the client SSL session and initiates a new SSL session to the server impersonating the client. This allows the interceptor to inspect the decrypted traffic between the client and the server.
The Deep Security SSL inspection feature does not use the MITM method to decrypt TLS traffic. Deep Security can only be applied to the server side of an HTTPS session and not on the client side. It uses the TLS handshake packets as well as the web server Certificate and private key to determine the encryption keys for the session. As a result it is not affected by the risks of MITM interception. It does not require addition of any trusted certificates on client devices or browsers. The Deep Security SSL inspection feature does not interfere in any way in the end to end trust validation between the HTTPS client and the server. This means that all necessary information including protocols, ciphers, and certificate chain are available to the client to make a valid decision of whether the server is legitimate or not.