README: Add KNOWN ISSUES with a minor Firefox problem.

[tlsproxy/tlsproxy.git] / README

README
======

tlsproxy is a TLS proxy for HTTPS which intercepts the connections and ensures
the server certificate doesn't change. Normally this isn't detected if a
trusted CA for the new server certificate is installed.

tlsproxy is licensed under GPL 3 (or later).


REQUIREMENTS
------------

- GnuTLS library including development headers
- certtool (from by GnuTLS) to create TLS certificates


USAGE
-----

To use tlsproxy you must first run `tlsproxy-setup` in an (empty) directory.
This creates the following files:

- `proxy-ca.pem`:      CA which is used for all connections to the client
- `proxy-ca-key.pem`:  private key for the CA
- `proxy-key.pem`:     private key for the server
- `proxy-invalid.pem`: special certificate used for invalid pages

Then import the CA file `proxy-ca.pem` in your browser so it can validate the
pages sent by the proxy.

For each page you want to visit securely you must first obtain its server
certificate (in PEM format) (for example with `gnutls-cli --print-cert server`
- you need the first certificate). The next step is to _validate_ it. The
proxy doesn't perform any validation thus it's important that you make sure
the server certificate is the correct one!

Then run `tlsproxy-add hostname path-to-certificate` in the same directory as
above. This creates the following files:

- `certificate-example.org-proxy.pem`: certificate used by the proxy for the
  connection to the client
- `certificate-example.org-server.pem`: original server certificate, used to
  check if the current server certificate changed

If the validation is successful the proxy uses the `certificate-*-proxy.pem`
certificate to secure the connection to the client (signed by `proxy-ca.pem`).

If an error occurs in the validation (missing `certificate-*.pem` files,
fingerprint changed, etc.) it's logged by the proxy (stdout) and the special
`proxy-invalid.pem` certificate is used to send a 500 error message to the
client. The connection to the server is closed so there's no chance that any
client data is sent to the (possible) evil server. The invalide certificate is
also easy to spot in the browser because it uses an invalid hostname
("invalid") and is self-signed.

If an internal error occurs before the TLS connection can be established a 503
Forwarding failure is sent to the client (unencrypted).


-u option
~~~~~~~~~

The '-u' option passes through connections for hostnames with no stored
certificate (i.e. `certificate-*-server.pem` is missing or unreadable). In
this case the normal CA chain in your browser lets you validate the server
certificate. If the server certificate changes you're _not_ informed!

This option is useful if you often visit websites using HTTPS but you don't
use critical information (e.g. no passwords, etc.) on this website.

For hostnames with a stored server certificate everything works as usual and a
certificate change is detected.

WARNING: The option might cause security problems if you're not careful:

For example you normally visit https://example.org/ and store the server
certificate in `certificate-example.org.server.pem`. Without '-u' everything
is fine.

But if you use '-u' and an attacker redirects you to e.g.
https://www.example.org/ (or https://whatever.org/) (for example through a
link on a different site) then the proxy just forwards the TLS connection
(because it doesn't know the fingerprint for https://www.example.org/, that's
how '-u' works) and you won't be aware that a different server certificate
might be used!

If you always verify the authentication of the connection this isn't a
problem, but if you only check if it's a HTTPS connection then this attack is
possible.


KNOWN ISSUES
------------

- Firefox (at least Iceweasel 3.5.16 on Debian) fails to load the error page
  sent with the "invalid" certificate once the certificate has been accepted.
  As the user shouldn't accept the invalid certificate this is a minor issue.