On the Validation of Web X.509 Certificates by TLS interception products

Author First name, Last name, Institution

Ahmad Samer Wazan, Zayed University
Romain Laborde, University of Toulouse
David Chadwick, University of Kent
Remi Venant, IRIT, Toulouse
Abdelmalek Benzekri, IRIT, Toulouse
Eddie Billoir, Paul Sabatier University
Omar Alfandi, Zayed University

Document Type

Article

Source of Publication

IEEE Transactions on Dependable and Secure Computing

Publication Date

1-1-2020

Abstract

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data. It is based on X.509 Certificates. Our previous research showed that popular Web Browsers exhibit non-standardized behaviour with respect to the certificate validation process [1]. This paper extends that work by examining their handling of OCSP Stapling. We also examine several popular HTTPS interception products, including proxies and anti-virus tools, regarding their certificate validation processes. We analyse and compare their behaviour to that described in the relative standards. Finally, we propose a system that allows the automation of certificate validation tests.

DOI Link

10.1109/tdsc.2020.3000595

ISSN

1545-5971

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Volume

PP

Disciplines

Computer Sciences

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Recommended Citation

Wazan, Ahmad Samer; Laborde, Romain; Chadwick, David; Venant, Remi; Benzekri, Abdelmalek; Billoir, Eddie; and Alfandi, Omar, "On the Validation of Web X.509 Certificates by TLS interception products" (2020). All Works. 2576.
https://zuscholars.zu.ac.ae/works/2576

Indexed in Scopus

no

Open Access

yes

Open Access Type

Hybrid: This publication is openly available in a subscription-based journal/series