Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

SSL Forward Proxy Overview

Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL, also called Transport Layer Security (TLS), ensures the secure transmission of data between a client and a server through a combination of privacy, authentication, confidentiality, and data integrity. SSL relies on certificates and private-public key exchange pairs for this level of security.

Server authentication guards against fraudulent transmissions by enabling a Web browser to validate the identity of a Web server. Confidentiality mechanisms ensure that communications are private. SSL enforces confidentiality by encrypting data to prevent unauthorized users from eavesdropping on electronic communications. Finally, message integrity ensures that the contents of a communication have not been tampered with.

SSL forward proxy is a transparent proxy; that is, it performs SSL encryption and decryption between the client and the server, but neither the server nor the client can detect its presence. SSL forward proxy ensures that it has the keys to encrypt and decrypt the payload:

Figure 51 depicts how SSL inspection (on an existing SRX Series IPS module) is typically used to protect servers. SSL inspection requires access to private keys used by the servers so that the SRX Series device can decrypt the encrypted traffic.

Figure 51: SSL Inspection on an Existing SRX Series Device

SSL
Inspection on an Existing SRX Series Device

Figure 52 shows how SSL forward proxy works on an encrypted payload. When application firewall (AppFW), intrusion prevention system (IPS), or application tracking (AppTrack) is configured, SSL forward proxy acts as an SSL server terminating the SSL session from the client and a new SSL session is established to the server. The device decrypts and then re-encrypts all SSL forward proxy traffic. SSL forward proxy uses the following services:

Note If none of the services (AppFW, IPS, or AppTrack) are configured, then SSL forward proxy services are bypassed even if an SSL proxy profile is attached to a firewall policy. IPS does not perform SSL inspection on a session if SSL forward proxy is enabled for that session. That is, if both SSL inspection and SSL forward proxy are enabled on a session, SSL forward proxy always takes precedence.

Figure 52: SSL Proxy on an Encrypted Payload

SSL Proxy on an Encrypted
Payload

Supported Ciphers in Proxy Mode

An SSL cipher comprises encryption ciphers, authentication method, and compression. Table 165 displays a list of supported ciphers. NULL ciphers are excluded.

The following SSL protocols are supported:

Table 165: Supported Ciphers in Proxy Mode

SSL Cipher

Key Exchange Algorithm

Data Encryption

Message Integrity

RSA_WITH_RC4_128_MD5

RSA key exchange

128-bit RC4

Message Digest 5 (MD5) hash

RSA_WITH_RC4_128_SHA

RSA key exchange

128-bit RC4

Secure Hash Algorithm (SHA) hash

RSA_WITH_DES_CBC_SHA

RSA key exchange

DES CBC

SHA hash

RSA_WITH_3DES_EDE_CBC_SHA

RSA key exchange

3DES EDE/CBC

SHA hash

RSA_WITH_AES_128_CBC_SHA

RSA key exchange

128-bit AES/CBC

SHA hash

RSA_WITH_AES_256_CBC_SHA

RSA key exchange

256-bit AES/CBC

SHA hash

RSA_EXPORT_WITH_RC4_40_MD5

RSA-export

40-bit RC4

MD5 hash

RSA_EXPORT_WITH_DES40_CBC_SHA

RSA-export

40-bit DES/CBC

SHA hash

RSA_EXPORT1024_WITH_DES_CBC_SHA

RSA 1024 bit export

DES/CBC

SHA hash

RSA_EXPORT1024_WITH_RC4_56_MD5

RSA 1024 bit export

56-bit RC4

MD5 hash

RSA_EXPORT1024_WITH_RC4_56_SHA

RSA 1024 bit export

56-bit RC4

SHA hash

RSA-WITH-AES-256-GCM-SHA384

RSA key exchange

256-bit AES/GCM

SHA384 hash

RSA-WITH-AES-256-CBC-SHA256

RSA key exchange

256-bit AES/CBC

SHA256 hash

RSA-WITH-AES-128-GCM-SHA256

RSA key exchange

128-bit AES/GCM

SHA256 hash

RSA-WITH-AES-128-CBC-SHA256

RSA key exchange

128-bit AES/CBC

SHA256 hash

Server Authentication

Implicit trust between the client and the device (because the client accepts the certificate generated by the device) is an important aspect of SSL proxy. It is extremely important that server authentication is not compromised; however, in reality, self-signed certificates and certificates with anomalies are in abundance. Anomalies can include expired certificates, instances of common name not matching a domain name, and so forth.

Server authentication is governed by selecting the Ignore Server Authentication option in the SSL forward proxy profile.

If the Ignore Server Authentication option is not selected, the following scenarios occur:

If the Ignore Server Authentication option is defined as an action in the SSL forward proxy profile, the following scenarios occur:

Trusted CA List

SSL forward proxy ensures secure transmission of data between a client and a server. Before establishing a secure connection, SSL forward proxy checks certificate authority (CA) certificates to verify signatures on server certificates. For this reason, a reasonable list of trusted CA certificates is required to effectively authenticate servers.

Ignore Server Authentication

You can use the Ignore Server Authentication option to ignore server authentication completely. In this case, SSL forward proxy ignores errors encountered during the server certificate verification process (such as CA signature verification failure, self-signed certificates, and certificate expiry).

We do not recommend this option for authentication, because configuring it results in websites not being authenticated at all. However, you can use this option to effectively identify the root cause for dropped SSL sessions.

Root CA

In a public key infrastructure (PKI) hierarchy, the root CA is at the top of the trust path. The root CA identifies the server certificate as a trusted certificate.

Session Resumption

An SSL session refers to the set of parameters and encryption keys created by performing a full handshake. A connection is the conversation or active data transfer that occurs within the session. The computational overhead of a complete SSL handshake and generation of master keys is considerable. In short-lived sessions, the time taken for the SSL handshake can be more than the time for data transfer. To improve throughput and still maintain an appropriate level of security, SSL session resumption provides a session caching mechanism so that session information, such as the pre-master secret key and agreed-upon ciphers, can be cached for both the client and server. The cached information is identified by a session ID. In subsequent connections both parties agree to use the session ID to retrieve the information rather than create a new pre-master secret key. Session resumption shortens the handshake process and accelerates SSL transactions.

SSL Proxy Logs

When logging is enabled in an SSL proxy profile, SSL proxy can generate the messages shown in Table 166.

Table 166: SSL Proxy Logs

Log Type

Description

SSL_PROXY_SSL_SESSION_DROP

Logs generated when a session is dropped by SSL proxy.

SSL_PROXY_SSL_SESSION_ALLOW

Logs generated when a session is processed by SSL proxy even after encountering some minor errors.

SSL_PROXY_SESSION_IGNORE

Logs generated if non-SSL sessions are initially mistaken as SSL sessions.

SSL_PROXY_SESSION_WHITELIST

Logs generated when a session is whitelisted.

SSL_PROXY_ERROR

Logs used for reporting errors.

SSL_PROXY_WARNING

Logs used for reporting warnings.

SSL_PROXY_INFO

Logs used for reporting general information.

All logs contain similar information; the message field contains the reason for the log generation. One of three prefixes shown in Table 167 identifies the source of the message. Other fields are descriptively labeled.

Table 167: SSL Proxy Log Prefixes

Prefix

Description

system

Logs generated due to errors related to the device or an action taken as part of the SSL proxy profile. Most logs fall into this category.

openssl error

Logs generated during the handshaking process if an error is detected by the openssl library.

certificate error

Logs generated during the handshaking process if an error is detected in the certificate (x509 related errors).

Perfect Forward Secrecy

Perfect Forward Secrecy is a specific key agreement protocol that provides assurance that your session keys are not compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even if a single session keys gets compromised does not affect any data other than that exchanged in a specific session protected by that particular key.

The Elliptic Curve DHE (ECDHE) cipher suits are supported to enable the perfect forward secrecy on SSL forward proxy. The SSL forward proxy still uses RSA for authentication. However, it uses EC Diffie-Hellman ephemeral key exchange to agree on a shared secret.

ECDHE cipher suites are faster than the DHE counterparts and therefore, the SSL forward proxy supports only ECDHE cipher suits. The ECDHE cipher suits are based on the elliptic curve cryptography which allows you to achieve the same level of security than RSA with smaller keys. For example, a 224 bit elliptic curve is as secure as a 2048 bit RSA key.

Table 168 shows the supported ECDHE cipher suits.

Table 168: Supported ECDHE Cipher Suits

SSL Cipher

Key Exchange Algorithm

Data Encryption

Message Integrity

ECDHE-RSA-WITH-AES-256-GCM-SHA384

ECDHE RSA

256-bit AES/GCM

SHA 384 hash

ECDHE-RSA-WITH-AES-256-CBC-SHA384

ECDHE RSA

256-bit AES/CBC

SHA 384 hash

ECDHE-RSA-WITH-AES-256-CBC-SHA

ECDHE RSA

256-bit AES/CBC

SHA hash

ECDHE-RSA-WITH-AES-3DES-EDE-CBC-SHA

ECDHE RSA

3DES AES/EDE/CBC

SHA hash

ECDHE-RSA-WITH-AES-128-GCM-SHA256

ECDHE RSA

128-bit AES/GCM

SHA 256 hash

ECDHE-RSA-WITH-AES-128-CBC-SHA256

ECDHE RSA

128-bit AES/CBC

SHA 256 hash

ECDHE-RSA-WITH-AES-128-CBC-SHA

ECDHE RSA

128-bit AES/CBC

SHA hash

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit