2

I have read through the previous discussion on the same topic here, here and a few other places. While I understand that during the course of TLS communication, a MiTM is quite not possible, what are the chances of a MiTM attack during the TLS handshake?

I realize that the TLS client hello, server hello and the following packets sent before establishing the key cannot be encrypted. For establishing the key, TLS uses the Diffie-Hellman protocol. So will the traditional Man in the Middle attack still work here?

proteann
  • Thanks for the reply. I am aware of the above post, but that was for post-handshake. That is once the key is established. I would like to know the possibility of it before key establishment! – proteann Feb 15 '15 at 00:20
  • No it isn't. It is for the complete process. Look again. NB a comment isn't a reply. – user207421 Feb 15 '15 at 00:22

2 Answers

3

High level view: At the end of the handshake a signature is done covering the whole handshake. This signature implicitly includes that only the server knows the private key of the certificate. Thus the signature cannot be faked by a man-in-the-middle as long as the certificate was properly validated by the client.

If you need a more detailed view on how this process really works you will find lots of information on the internet.

Steffen Ullrich
  • So: if the attacker signs the handshake with his own certificate, he could pretend to be the server (the handshake process won't protect against this); but then the browser will report an error that the certificate is either untrusted or it doesn't match the host. – Mike Rosoft Aug 21 '20 at 05:09
0

Just a remark: the DH exchange is just a way to exchange keys without knowing the private keys for encryption. There is nothing inside it to prevent a MITM attack. But if the public key (for both client and server) is validated through some exchange with a third party like a certification authority, then a MITM attack is not possible, as the public key has been verified end-to-end, so modification in between is mathematically infeasible. Reference:

http://slideplayer.com/slide/5938889/

Peter Teoh
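An added example, not part of the question or either answer: a simplified toy model of a signed Diffie-Hellman handshake, showing that the DH exchange alone does not detect a swapped public value, while a signature checked against the validated server key does. All names, the toy textbook-RSA keys and the small parameters are assumptions constructed for illustration; this is not the real TLS message format.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes): far too small for real use.
P, G, E = 2**127 - 1, 3, 65537

def rsa_keypair(p, q):
    """Textbook RSA, no padding; stands in for a certificate key pair."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

SERVER_PUB, SERVER_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)   # key the CA vouches for
ROGUE_PUB, ROGUE_PRIV = rsa_keypair(2**107 - 1, 2**521 - 1)   # attacker's own key

def digest(transcript, n):
    h = hashlib.sha256(repr(transcript).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(priv, transcript):
    n, d = priv
    return pow(digest(transcript, n), d, n)

def verify(pub, transcript, sig):
    n, e = pub
    return pow(sig, e, n) == digest(transcript, n)

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def handshake(trusted_pub, mitm=False, mitm_priv=None):
    """Return (client_accepts, attacker_knows_client_key) for one toy run."""
    c_x, c_pub = dh_keypair()
    _, s_pub = dh_keypair()
    m_x, m_pub = dh_keypair()
    # An active attacker swaps its own DH value in for both directions.
    to_server, to_client = (m_pub, m_pub) if mitm else (c_pub, s_pub)
    sig = sign(SERVER_PRIV, (to_server, s_pub))   # server signs what it saw
    if mitm_priv:                                 # attacker re-signs with its key
        sig = sign(mitm_priv, (c_pub, to_client))
    # The client checks the signature over what *it* saw, with the key it trusts.
    accepted = verify(trusted_pub, (c_pub, to_client), sig)
    attacker_has_key = mitm and pow(c_pub, m_x, P) == pow(to_client, c_x, P)
    return accepted, attacker_has_key
```

Passing `ROGUE_PUB` as `trusted_pub` models a client that skips certificate validation, which is the one case where the tampered handshake is accepted.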