-4

There is not much an average end-user can do about their internet connection or available hardware/software.

If you live in Kazakhstan, you'll have all https MitM'ed since 2016-01-01, since the country has to know what blogs people are reading, and the widespread https for public content makes it much more difficult to accomplish without MitM'ing the connection. http://archive.is/http://telecom.kz/en/news/view/18729

Likewise, SHA1 sunset will block millions from encrypted net, Facebook warns.

If my site employs https and TLS, how do I properly enable downgrade support in TLS, to not lose any audience that may be incapable of establishing a truly secure TLS connection?

cnst
  • 1,884
  • 2
  • 19
  • 30
  • I m not sure what you are asking. Are those links to non-English pages relevant to your question? If so, can you summarize them. If not, can you delete them. – Neil Smithline Dec 12 '15 at 04:33
  • Which non-English pages? The links provided are all in English, and are summarised within the question. – cnst Dec 12 '15 at 05:29
  • Sounds like any Kazakhi internet user out there should cease and desist from using the internet for buying and selling anything. Financial information's a lot more desirable than what blogs are being read, probably a governmental five-finger discount tax is in the cards. Supporting TLS downgrade just plays right into aiding and abetting. – Fiasco Labs Dec 12 '15 at 05:34
  • https://archive.is/aVQCA is not English. Google Translate doesn't do a bad job but hard to be sure. – Neil Smithline Dec 12 '15 at 05:39
  • Just read the comment you made to @VirtualJJ's answer. Is your question about how to configure your site so that it works in Kazakhstan in the face of the new laws? – Neil Smithline Dec 12 '15 at 05:41
  • Thanks @NeilSmithline. I shouldn't have assumed; wanting to enable a downgrade attack is something that I didn't expect in an Information Security forum. Should I leave my answer or delete it? –  Dec 12 '15 at 05:44
  • If you want @VirtualJJ. Or you can wait until the question gets shaken out a bit better and then decide. – Neil Smithline Dec 12 '15 at 05:48
  • @NeilSmithline, I've clarified the question, and removed the duplicate link – cnst Dec 12 '15 at 11:24
  • 2
    Per @SteffenUllrich's answer, I think that the correct terminology seems to be `SSL interception` and not `SSL downgrading`. – Neil Smithline Dec 12 '15 at 15:43
  • After the edit, it seems like this needs to be migrate to serverfault. It's asking about the configuration of a server. – schroeder Dec 12 '15 at 18:22

3 Answers3

2

Nothing.

The security community has no interest in compromising user security or enabling governments to spy on their citizens. Even if we would want to make it easy for the Kazakhstani government to perform their man in the middle (MITM) attack – this would compromise the security of all users.

As far as I know, they try to force their citizens to install a root certificate on all of their devices to enable them to perform the MITM attack; this is comparable to Lenovo users that have a Superfish root certificate installed: a blatant attack on transport security that must be defended against.

Good ways to do that are:

Beat
  • 769
  • 1
  • 6
  • 16
1

If my site employs https and TLS, how do I properly support downgrade attacks against it?

There are several kind of downgrade attacks like stripping SSL, SSL protocol downgrades (TLS 1.2 to SSL 3.0, see https://alpacapowered.wordpress.com/2014/10/20/ssl-poodle-attack-what-is-this-scsv-thingy/) or downgrades from a secure cipher to a weak cipher (i.e. WeakDH).

But given your examples I don't think you are talking about downgrade attacks at all, but about SSL interception. Thus I will concentrate on interception, but most of the tips will also be true for SSL stripping attack.

There is nothing you must do to explicitly allow SSL interception. But interception will not work if you use client certificates. It might not work if you use a uncommon CA for your certificates (or use self-signed certificates), but this depends on the configuration of the the interception system, that if it is properly checking certificates or not.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Cert pinning is also a problem. – Neil Smithline Dec 12 '15 at 15:40
  • @NeilSmithline: Pinning is usually not a problem. As long as the proxy CA certificate from the interception device is explicitly imported into the browser all browsers ignore pinning if the certificate is signed by the proxy CA. – Steffen Ullrich Dec 12 '15 at 15:44
  • Good point. Is it a problem if the pinned cert is in the browser being delivered? Not something that is likely to occur in this situation, just a question. – Neil Smithline Dec 12 '15 at 15:46
  • @NeilSmithline: If you use Chrome or Firefox which both have pinned builtin certs for google.com these pinnings get ignored if you use SSL interception with an explicitly trusted proxy CA. – Steffen Ullrich Dec 12 '15 at 15:49
-3

It seems like nothing is being done about this.

Most browser developers and security advocates nowadays live in an ideal world where security is more important than information access for the less fortunate, so even though Google.com, for example, is still available via plain http, the Google Chrome team effectively tells the internet that http must be shutdown.

It would appear that the easiest way is to continue supporting http:// address scheme, and hope that users know that if they follow a link and the site doesn't work, they try to remove the s from https to see if that makes any difference.

cnst
  • 1,884
  • 2
  • 19
  • 30
  • 1
    From a security perspective – and we are on a security site – this is bad advice: we should not compromise user security because of bad policies! – Beat Dec 12 '15 at 16:38
  • @cnst You have other posts about this, but I am very confused about the problem. If the ISP wants to be the SSL MitM, then HTTPS will still work fine and users will be able to browse to sites. You appear to see a big problem, but you have not been clear on what that problem actually is. – schroeder Dec 12 '15 at 18:25