What is SSL? How does it work?

Specially for https scanning

Postby ramkee » Mon Feb 16, 2015 6:33 pm

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for encrypting a connection between a web server and a browser. Once established, this connection will encrypt all traffic and ensure that all data passed between the web server and browser remains private. SSL is a standard and is used by millions of websites to protect their online transactions with their customers. Many software applications support SSL, such as web browsers (Internet Explorer, Firefox, Safari), file transfer programs (SFTP), and email programs. However, in order to have an SSL encrypted connection, a web server requires an SSL Certificate.

How does SSL work?

When you prepare your web server to use SSL you will be asked a few questions about your website and your company including your web site's domain name and your company's name and location. Your web server then creates two cryptographic keys: a private key and a public key. Your private key must remain private or the SSL connection could be made vulnerable. The public key does not need to be secret and is placed into a Certificate Signing Request or CSR, a piece of encrypted text that you will submit to a certificate authority. The certificate authority will validate your details and issue the SSL certificate which you can then install to the web server with the private key to enable SSL. For more information, see SSL For Newbs.

In SafeSquid one can easily enable or disable SSL inspection with the help of the SSL inspection section.

How does SSL inspection work with SafeSquid?

1. When a client requests a secure web page such as https://www.google.com (an HTTPS site) from their browser, SafeSquid gets a CONNECT request from the client browser.
2. SafeSquid checks its configuration to see whether the client is allowed or denied access to https://www.google.com. If access is denied, SafeSquid sends the blocked template to the client and closes the connection.
3. If access is allowed, SafeSquid checks whether SSL inspection is enabled for the site.
If SSL inspection is disabled, SafeSquid resolves the IP of google.com with the help of DNS and establishes a connection to http://www.google.com. The client browser checks the trust of the http://www.google.com server. The client browser encrypts data using the server's public key and sends it to the server. There is no possibility for SafeSquid to check what the client is sending to the server and what is coming to the client from the server. SafeSquid will not check what is going on inside the connection.

If SSL inspection is enabled, then:
i) SafeSquid resolves the IP of http://www.google.com with the help of DNS and establishes a connection to http://www.google.com.
ii) SafeSquid performs the SSL handshake with the server.

SafeSquid sends a client hello message to the server as part of the SSL handshake.
SafeSquid gets the server's public key in the server hello message from the server as part of the SSL handshake.
SafeSquid checks the trust of the http://www.google.com certificate with the help of the trusted root CA bundle.
If SafeSquid finds that the certificate is expired or invalid, it allows or blocks access to the site based on configuration.
If SafeSquid finds that the server certificate is valid, it performs the SSL handshake with the client.

After this, SafeSquid uses the server certificate (public key) to encrypt the data that will be sent to the server, so the server can decrypt the data sent by SafeSquid and return a response accordingly.

iii) SafeSquid performs the SSL handshake with the client.

The client browser sends a client hello message to the SafeSquid server as part of the SSL handshake.
SafeSquid checks whether a public key and private key for the http://www.google.com site exist on disk. If they do not exist, SafeSquid creates a public key and private key for http://www.google.com and stores them on disk for reuse.

SafeSquid sends the created server public key in the server hello message to the client browser as part of the SSL handshake with the client.
The client browser now verifies the trust of the certificate (public key) sent by SafeSquid. For this purpose we tell clients to import the Safesquid.cer certificate into their browser's trusted authorities. Because safesquid.cer has been imported into the client browsers, certificates created by SafeSquid will be trusted by them.

After this, the client uses the SafeSquid-created certificate (public key) to encrypt the data that will be sent to SafeSquid. SafeSquid can decrypt the data sent by the client with the help of the created private key, check the data, and send it to the server, encrypting it with the server's public key.

With the SSL inspection feature, there are some interesting things that we can do with the SafeSquid SWG:
**Block access to consumer Google accounts
**Give read-only access to the Facebook and Twitter sites. Users are able to log in to their accounts but they are not able to post, comment, like or chat.
**Enforce safe search or safety-mode based searches in the Google, Bing and Yahoo search engines; we can also enforce this on any website that offers safety-mode based search.
**Block images over Google
**Filter text and images over HTTP and HTTPS sites
**Allow specified users to access or log in to specified HTTP and HTTPS sites and block others
**Use virus scanning for both HTTP and HTTPS sites
**Block attachments to Gmail and block Gmail Chat
ramkee
Site Admin
 
Posts: 86
Joined: Fri Jan 02, 2015 5:23 pm
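
The certificate handling described in step iii of the post above, as an added example that is not part of the original post and is not SafeSquid's own code: a proxy CA issues and caches a per-site certificate, and a client trusts it only once the CA file is imported. The CA name, the host www.example.test, the temporary directory, key size and lifetimes are assumptions chosen for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Constructed demo: names, paths and lifetimes are assumptions, not SafeSquid's.
set -e
CA_DIR=$(mktemp -d)      # stands in for the proxy's on-disk certificate store

cat > "$CA_DIR/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Inspection Proxy CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

# The proxy's signing CA; ca.cer plays the role of the file clients import.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$CA_DIR/ca.cnf" \
    -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.cer" 2>/dev/null

# Print the path of the proxy-issued certificate for host $1, creating the
# key pair and certificate only on first use and reusing them afterwards.
site_cert() {
    host=$1; crt="$CA_DIR/$host.crt"
    if [ ! -s "$crt" ]; then
        openssl req -new -newkey rsa:2048 -nodes -config "$CA_DIR/ca.cnf" \
            -subj "/CN=$host" -keyout "$CA_DIR/$host.key" \
            -out "$CA_DIR/$host.csr" 2>/dev/null
        printf 'subjectAltName=DNS:%s\n' "$host" > "$CA_DIR/$host.ext"
        openssl x509 -req -in "$CA_DIR/$host.csr" -CA "$CA_DIR/ca.cer" \
            -CAkey "$CA_DIR/ca.key" -CAcreateserial -days 7 \
            -extfile "$CA_DIR/$host.ext" -out "$crt" 2>/dev/null
    fi
    echo "$crt"
}

# Client-side view: does the chain verify with / without the proxy CA trusted?
trusted_with_proxy_ca() { openssl verify -CAfile "$CA_DIR/ca.cer" "$1" >/dev/null 2>&1; }
trusted_by_default()    { openssl verify "$1" >/dev/null 2>&1; }
issuer_of()             { openssl x509 -in "$1" -noout -issuer; }
fingerprint_of()        { openssl x509 -in "$1" -noout -fingerprint -sha256; }

demo_crt=$(site_cert www.example.test)
issuer_of "$demo_crt"    # names the proxy CA, not a public CA
trusted_with_proxy_ca "$demo_crt" && echo "trusted once ca.cer is imported"
trusted_by_default "$demo_crt" || echo "untrusted without the proxy CA"
```

The issuer line is also how a user or auditor can tell that a connection is being inspected: the site certificate chains to the proxy's CA rather than to a public one.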

Re: What is SSL? How does it work?

Postby licavita » Thu Feb 04, 2016 9:43 pm

Hi there!
To implement SSL Inspection I need the safesquid.cer archive to import into the client browser, but I can't find it.
Please could you tell me where I may find it?

Thanks
licavita
 
Posts: 1
Joined: Thu Feb 04, 2016 9:38 pm

