The Transport Layer Security (TLS) protocol is designed to allow two parties, a client and a server, to communicate securely over an insecure network. However, when TLS connections are proxied through an intermediate middlebox, like a Content Delivery Network (CDN), the standard end-to-end security guarantees of the protocol no longer apply. In this paper, we investigate the security guarantees provided by Keyless SSL, a CDN architecture currently deployed by CloudFlare that composes two TLS 1.2 handshakes to obtain a proxied TLS connection. We demonstrate new attacks that show that Keyless SSL does not meet its intended security goals. These attacks have been reported to CloudFlare and we are in the process of discuss...
The world is becoming strongly dependent on computers, and on distributed communication between comp...
Normally, secure communication between client-server applications is established using secure channe...
The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, let-ti...
Content delivery networks (CDNs) are an essential component of modern website infrastructures: edge ...
In the business world, data is generally the most important asset of a company that must be protecte...
TLS was designed as a transparent channel abstraction to allow developers with no cryptogr...
Much of Internet traffic nowadays passes through active proxies, whose role is...
On today's Internet, combining the end-to-end security of TLS with Content Delivery Networks (CDNs) ...
The Transport Layer ensures that data is sent transparently between end-users while also enabling ...
The TLS Internet Standard, previously known as SSL, is the default protocol fo...