Intercepting, decrypting and inspecting traffic over an encrypted channel
A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment...
Saved in:
Main Authors | , , , , , , |
---|---|
Format | Patent |
Language | English |
Published |
01.05.2018
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message. |
---|---|
Bibliography: | Application Number: US201414526215 |