Topic "Question on GiveUpSecurityAndAcceptAnyTlsHostCertificate"

chrislong2

Joined: 2015-07-02
Posts: 17
Location: USA
Hi Martin,

First, thank you for WinSCP, yada yada yada :) :) Seriously - you are awesome!

A Question: My understanding on GiveUpSecurityAndAcceptAnyTlsHostCertificate (and the related GiveUpSecurityAndAcceptAnySshHostKey) is that it accepts any TLS/SSL certificate as valid.

You mention though (and I found a few forum posts from you) where you say that this is bad security, almost like being completely insecure.

I do not fully understand this. Correct me if I am wrong, but if you use these options, then the TLS/SSL (or host key) is still used and required, it's just that it will blindly accept whatever certificate or key the server presents, right?

The only way that would be insecure then is if the certificate or key was maliciously replaced on the server, correct? As long as the cert or key presented by the server is legitimate on the server, then using that option is not any less secure than specifying the specific cert/key to use by fingerprint, right?

That is what I assume, but some of your posts make me wonder if I have missed something and that really these options do something else also that make the connection not be secure.

I agree that using these do open the potential for the connection to be insecure and their use should generally be discouraged in most cases (though there can be legitimate uses for them). But I'm just trying to get my handle on the exact effect of using these options.

Thanks,
Chris
martin◆
Site Admin
Joined: 2002-12-10
Posts: 26728
Location: Prague, Czechia
Did you read this?
https://winscp.net/eng/docs/ssh_verifying_the_host_key

It's about SSH, but it's the same with TLS/SSL.
chrislong2

Joined: 2015-07-02
Posts: 17
Location: USA
I had read that awhile back but just read again.

So basically, those 2 options will just blindly accept whatever cert or key is presented (though still requiring a cert in the case of FTP TLS/SSL). Thus a spoof/MITM attack could be successful if the network traffic is redirected to a different server. If my understanding is incorrect, please correct me. Otherwise, thanks! :)
martin◆
Site Admin
Joined: 2002-12-10
Posts: 26728
Location: Prague, Czechia
chrislong2 wrote:
So basically, those 2 options will just blindly accept whatever cert or key is presented (though still requiring a cert in the case of FTP TLS/SSL). Thus a spoof/MITM attack could be successful if the network traffic is redirected to a different server. If my understanding is incorrect, please correct me. Otherwise, thanks! :)

Yes, that's correct. Except that the "redirected to a different server" can be misleading. The attacker can operate like a proxy only. So while you are indeed connected to a different "server", you can get the look and feel of your actual server.
_________________
Martin Prikryl
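
The point made in the reply above, as an added example that is not part of the original thread and is not WinSCP code: a small Python model of a client that either accepts any certificate or pins a fingerprint, connecting through a relaying proxy. All names (`Server`, `Proxy`, `connect`, `pinned`, `accept_any`) are hypothetical, and the certificate bytes and directory listing are constructed stand-ins.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes as colon-separated hex."""
    h = hashlib.sha256(cert_der).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def accept_any(cert_der: bytes) -> bool:
    # Effect of an accept-any option: a certificate is required, never checked.
    return True

def pinned(expected_fp: str):
    # Policy that accepts only the certificate whose fingerprint was verified
    # out of band. Comparison ignores case and is constant-time.
    want = expected_fp.lower()
    return lambda cert_der: hmac.compare_digest(fingerprint(cert_der), want)

class Server:
    def __init__(self, cert: bytes):
        self.cert = cert
    def login(self, user: str, password: str):
        return ["backup.zip", "report.csv"]  # constructed listing

class Proxy:
    """Sits on the network path: presents its own certificate, relays everything."""
    def __init__(self, upstream: Server, cert: bytes):
        self.upstream, self.cert, self.seen = upstream, cert, []
    def login(self, user: str, password: str):
        self.seen.append((user, password))  # plaintext on the proxy's side of TLS
        return self.upstream.login(user, password)

def connect(endpoint, policy, user: str, password: str):
    # The client encrypts to whoever presented endpoint.cert, so the policy
    # check is the only thing tying the session to the intended server.
    if not policy(endpoint.cert):
        raise ConnectionError("certificate rejected: " + fingerprint(endpoint.cert))
    return endpoint.login(user, password)

# Constructed stand-ins for DER-encoded certificates.
REAL_CERT = b"constructed-cert-of-the-real-server"
PROXY_CERT = b"constructed-cert-of-the-proxy"

if __name__ == "__main__":
    real = Server(REAL_CERT)
    proxy = Proxy(real, PROXY_CERT)
    print(connect(proxy, accept_any, "chris", "s3cret"), proxy.seen)
    try:
        connect(proxy, pinned(fingerprint(REAL_CERT)), "chris", "s3cret")
    except ConnectionError as e:
        print(e)
```

With `accept_any` the listing is identical to a direct connection while the proxy has recorded the credentials; with the pinned fingerprint the connection is refused before any credentials are sent.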
chrislong2

Joined: 2015-07-02
Posts: 17
Location: USA
Thank you Martin. :)