Question on GiveUpSecurityAndAcceptAnyTlsHostCertificate

Advertisement

chrislong2
Joined:
Posts:
19
Location:
USA

Question on GiveUpSecurityAndAcceptAnyTlsHostCertificate

Hi Martin,

First, thank you for WinSCP, yada yada yada :) :) Seriously - you are swesome!

A Question: My understanding on GiveUpSecurityAndAcceptAnyTlsHostCertificate (and the related GiveUpSecurityAndAcceptAnySshHostKey) is that it accepts any TLS/SSL certificate as valid.

You mention though (and I found a few forum posts from you) where you say that this is bad security, almost like being completely insecure.

I do not fully understand this. Correct me if I am wrong, but if you use these options, then the TLS/SSL (or host key) is still used and required, it's just that it will blindly accept whatever certificate or key the server presents, right?

The only way that would be insecure then is if the certificate or key was maliciously replaced on the server, correct? As long as the cert or key presented by the server is legitimate on the server, then using that option is not any less secure then specifying the specific cert/key to use by fingerprint, right?

That is what I assume, but some of your posts make me wonder if I have missed something and that really these options do something else also that make the connection not be secure.

I agree that using these do open the potential for the connection to be insecure and their use should generally be discouraged in most cases (though there can be legitimate uses for them). But I'm just trying to get my handle on the exact effect of using these options.

Thanks,
Chris

Reply with quote

Advertisement

chrislong2
Joined:
Posts:
19
Location:
USA

I had read that awhile back but just read again.

So basically, those 2 options will just blindly accept whatever cert or key is presented (though still requiring a cert in the case of FTP TLS/SSL). Thus s spoof/MITM attack could be successful if the network traffic is redirected to a different server. If my understanding is incorrect, please correct me. Otherwise, thanks! :)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,440
Location:
Prague, Czechia

chrislong2 wrote:

So basically, those 2 options will just blindly accept whatever cert or key is presented (though still requiring a cert in the case of FTP TLS/SSL). Thus s spoof/MITM attack could be successful if the network traffic is redirected to a different server. If my understanding is incorrect, please correct me. Otherwise, thanks! :)
Yes, that's correct. Except that the "redirected to a different server" can be misleading. The attacker can operate like a proxy only. So you while you are indeed connected to a different "server", you can get the look and feel of your actual server.

Reply with quote

Advertisement

You can post new topics in this forum