TLS (Transport Layer Security) scanning method and device

Abstract

The embodiments of the invention provide a TLS (Transport Layer Security) scanning method, relating to the field of enciphered communication. During server-side scanning, the method can efficiently support the certification of various algorithms and / or clients. The method comprises the following steps that: a proxy receives a server initial message sent by a server, wherein the server initial message comprises algorithms selected by the server; and the proxy selects working modes correspondingly according to the algorithms selected by the server, wherein the working modes comprise a monitor mode and a proxy mode so as to support the certification of the algorithms and / or clients selected by the server, and the proxy does not change any message in the monitor mode and changes the message in the proxy mode. The embodiments of the invention further provide a corresponding network device.

Description

technical field

[0001] The invention relates to the field of encrypted communication, in particular to a TLS (Transport Layer Security, Transport Layer Security) scanning method and device. Background technique

[0002] TLS is a widely used authentication and secure transport protocol. The session key shared by both parties is obtained through identity authentication, which is used for encryption and authentication of subsequent communication content.

[0003] TLS is now increasingly used to encrypt applications on the web. While TLS protects the confidentiality and integrity of these applications, it brings some problems. Some application-layer attack traffic is encrypted by TLS, so that IPS (Intrusion Prevention System, intrusion prevention system) equipment cannot detect it. For example, an attack against an encrypted website, IPS can do nothing about it.

[0004] The existing technology may not support a certain algorithm when performing server-side scanning, or may ...

Images