It depends...
The SSL/TLS standard does not specify how and when a server certificate is verified.
From the introduction:
[...] decisions on how to initiate a TLS connection and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementers of protocols that run on top of TLS.
At the same time, although the standard does not say how authentication should be performed, implementations should perform this check during the handshake (or, at least, immediately after it):
- See Appendix D.
- Some error messages clearly relate to certificate authentication failure (bad_certificate, certificate_expired, ...).
- Part of the text in the handshake overview: "[...] If the server is authenticated, it may request a certificate from the client, if that is appropriate to the cipher suite selected."
In most cases, the certificate verification itself is guided by RFC 3280 / RFC 5280. Most SSL/TLS stacks will at least do this by default.
Verifying the host name, which can be considered one of the steps of certificate authentication, has historically been implemented separately. This is mainly because RFC 3280 / RFC 5280 did not cover this step and left it to each application protocol. There is a relatively recent attempt at harmonization in RFC 6125 (you can find the differences between protocols in its Appendix B).
Whether host name verification is performed during SSL/TLS connection establishment depends on the library used and how you configured it.
For example, before Java 7, this had to be done separately from the core JSSE API (SSLSocket / SSLEngine). (It was done in HttpsURLConnection, for example, but that sits on top of JSSE, not inside it.) Starting with Java 7, you can perform this check during the handshake and inside JSSE using the X509ExtendedTrustManager, but you need to enable it via SSLParameters.setEndpointIdentificationAlgorithm(...), which only supports HTTPS and LDAPS (in which case, even if your service does not use HTTP, using HTTPS as the endpoint identification algorithm is not a bad choice, and certainly better than nothing).
Other SSL/TLS libraries, or wrappers around other libraries in other languages, have at least callbacks for this. Whether developers use them (and use them correctly) is another matter, as shown in this article. (You may also be interested in this question on Security.SE.)
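As an added illustration of the Java 7+ point above (this is example code, not code from the answer or from the JDK), the following client opens a plain SSLSocket and turns on host name verification inside the handshake via SSLParameters.setEndpointIdentificationAlgorithm("HTTPS"). The host name "example.com" and port 443 are assumed defaults for the demonstration; without the setEndpointIdentificationAlgorithm call the default JSSE trust manager still validates the chain against the trust store but never checks that the certificate belongs to the host you connected to.

```java
import java.io.IOException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HostnameCheckedClient {

    /**
     * Opens a TLS connection whose handshake verifies both the certificate
     * chain (RFC 5280 path validation, done by the default trust manager)
     * and the host name (RFC 2818/6125-style matching, enabled below).
     */
    public static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Passing the host name here is what lets JSSE know which name to match
        // (and what to send in SNI); it does not by itself enable verification.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        SSLParameters params = socket.getSSLParameters();
        // "HTTPS" selects HTTPS-style matching (subjectAltName dNSName entries,
        // falling back to the CN); "LDAPS" is the only other supported value.
        // Leaving this unset means the chain is validated but the peer's
        // identity is NOT compared with `host`, so any valid certificate
        // from a trusted CA would be accepted.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);

        // Force the handshake now so a name mismatch or chain failure surfaces
        // here rather than on the first read/write.
        socket.startHandshake();
        return socket;
    }

    public static void main(String[] args) throws IOException {
        // Assumed defaults for the demo; override on the command line.
        String host = args.length > 0 ? args[0] : "example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        try (SSLSocket s = connect(host, port)) {
            System.out.println("Handshake OK, peer: "
                    + s.getSession().getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            // A chain problem typically surfaces as a CertificateException cause;
            // a name mismatch as a message along the lines of
            // "No subject alternative DNS name matching <host> found."
            System.out.println("Handshake rejected: " + e.getMessage());
        }
    }
}
```

To see the difference, connect to a host whose certificate is valid but issued for a different name (for instance by pointing the host argument at an IP address or an alias the certificate does not list): with the endpoint identification algorithm set, startHandshake() throws; with that line removed, the handshake succeeds and nothing in JSSE tells you the certificate was for someone else. HttpsURLConnection performs the equivalent check itself, which is why code built on it was protected before Java 7 while raw SSLSocket/SSLEngine users were not.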