-1

QUESTION: The initial request/response HTTPS communication between client and server is not encrypted, except for the CA certificate in the response? If so, what prevents a hacker from seeing the initial client request to the server, intercepting the response from the server containing its CA certificate, decrypting the certificate with the CA's public key, getting the server's public key from the certificate, and using it to encrypt his own symmetric key and send it to the server, thereby bypassing the client and establishing a bogus dialog between hacker and server?

JIm G.
  • Welcome to Stack Overflow. This is more aligned with Information Security Stack Exchange. – ewokx Jul 29 '22 at 06:14
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jul 31 '22 at 09:18

1 Answer

0

This question has already been answered here.

TL;DR: What you are describing is a Man-In-The-Middle attack on SSL, and this can happen only if one of the SSL preconditions is broken.

Juan González
  • Can you explain why my scenario is flawed? Thanks! – JIm G. Jul 29 '22 at 06:31
  • There are several reasons. Unless the client is not validating the certificate with a third-party authority, the hacker has stolen the server's private key or a fake CA has been injected into the trusted CAs of the client, your scenario won't work. Take a look at https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ also. – Juan González Jul 29 '22 at 06:42
  • I understand that SSL protects clients from a dialogue with a hacker. My scenario is a hacker having a dialogue with the server. But I guess the issue is somewhat moot because a server should not be sending sensitive data unless they also verify the client via a CA certificate of user/password, right? – JIm G. Jul 29 '22 at 07:01
  • That's called Mutual TLS, and no. Your scenario is impossible because you can't decrypt anything with a public key, only encrypt. – Juan González Jul 29 '22 at 07:11
  • One last point: in my scenario, the hacker is sending his symmetric key to the server to use, so the server's subsequent responses will use that key, with which the hacker can decrypt responses. – JIm G. Jul 29 '22 at 07:35
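The comments above name the client-side conditions under which interception can work: the client does not validate the certificate, or an extra CA has been added to the client's trusted set. The following is an added example, not part of the original thread, that audits a Python `ssl.SSLContext` for those conditions; the function names and finding labels are assumptions made for illustration, and the extra-CA check is a heuristic comparison against the platform default store.

```python
import ssl


def audit_client_context(ctx, baseline=None):
    """Return findings that would let a man-in-the-middle go unnoticed.

    Finding labels are hypothetical names chosen for this example.
    """
    baseline = baseline or ssl.create_default_context()
    findings = []

    # Precondition 1: the chain must be validated up to a trusted CA.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-validated")

    # Precondition 2: the certificate must be bound to the host we dialled,
    # otherwise any valid certificate for another name is accepted.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")

    # Heuristic: more CA certificates loaded than the platform default store.
    # A private corporate CA is legitimate, so this is a "review" signal only.
    extra = (ctx.cert_store_stats()["x509_ca"]
             - baseline.cert_store_stats()["x509_ca"])
    if extra > 0:
        findings.append(f"extra-trusted-cas:{extra}")

    return findings


def strict_context():
    """Client context with the library defaults: chain and hostname verified."""
    return ssl.create_default_context()


def weakened_context():
    """The misconfiguration often used to silence certificate errors."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("strict  :", audit_client_context(strict_context()))
    print("weakened:", audit_client_context(weakened_context()))
```

The audit cannot see the remaining condition from the comment, a stolen server private key, because that compromise leaves the client's configuration unchanged.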