SECURITY BULLETIN: Trend Micro Products and US-CERT Advisory TA17-075A (HTTPS Interception Weakens TLS Security)

    • Updated: 22 Mar 2017
    • Product/Version: Deep Security 10.0, Deep Security 9.0, Deep Security 9.5, Deep Security 9.6
    • Platform: Linux All, Windows 2008 Enterprise, Windows 2012 Enterprise
Summary
Release Date: March 22, 2017
Trend Micro Vulnerability Identifier(s): VRTS-588, 589
Platform(s): All
US-CERT Identifier: TA17-075A

The following bulletin serves as Trend Micro's official response on products potentially affected by the recent US-CERT advisory - TA17-075A: HTTPS Interception Weakens TLS Security.

Details
Trend Micro is aware of the latest advisory from US-CERT mentioned above and is investigating whether any Trend Micro products are affected. If any are found to be affected, this Security Bulletin will be updated with information on the affected product(s), as well as any applicable solutions or workarounds available.
As of the time of this posting, no Trend Micro products are known to be affected by the issues raised in the advisory.
Trend Micro Deep Security was specifically mentioned in a related blog as a product that may be affected. More specific details on why it is NOT affected can be found below.

The advisory from US-CERT entitled “HTTPS Interception Weakens TLS Security” (TA17-075A) points out the risks involved in the use of HTTPS interception products. In response to this advisory, Trend Micro has analyzed the Trend Micro Deep Security SSL/TLS inspection feature and found that it is not affected by any of the risks discussed in the advisory.

As presented in the advisory, HTTPS interception makes use of a man-in-the-middle (MITM) attack at the SSL layer: the interceptor terminates the client SSL session and initiates a new SSL session to the server, impersonating the client. This allows the interceptor to inspect the decrypted traffic between the client and the server.

The Deep Security SSL inspection feature does not use the MITM method to decrypt TLS traffic. Deep Security can only be applied to the server side of an HTTPS session and not on the client side. It uses the TLS handshake packets as well as the web server certificate and private key to determine the encryption keys for the session. As a result, it is not affected by the risks of MITM interception. It does not require the addition of any trusted certificates on client devices or browsers. The Deep Security SSL inspection feature does not interfere in any way with the end-to-end trust validation between the HTTPS client and the server. This means that all necessary information, including protocols, ciphers, and certificate chain, is available to the client to make a valid decision about whether the server is legitimate.

Category: Update
Solution Id: 1116959