Beginning from Chrome 63 release, the browser will notify users about the TLS interception occurrence, which frequently takes place during MitM (Man-in-the-middle) attacks. The release of the Chrome 63 version is scheduled for December 5, 2017.
As we mentioned earlier, Google, Mozilla, Microsoft and other major browser developers are actively promoting HTTPS. Websites that decided to switch over to the HTTPS receive some advantages such as better ranking in search results, as well as a higher level of trust from visitors.
When TLS can be intercepted?
One of the common reasons for intercepting TLS is man-in-the-middle attack. In this case, the attacker acts as intermediary in the interaction between the server and the user. All transmitted data goes through the attacker, and during that stage, he can intercept, examine and easily manipulate received information in any desirable way.
Quite frequently, the user is not even aware that he was a victim of MitM-attack and all of his data is now passing through the "filter" of the attacker. Google's decision to add notifications of TLS interception will allow site administrators to act in a timely manner in order to fix existing security problems and proactively respond to potential security threats.
TLS can also be intercepted using MitM approach for a good reason. In this case, traffic interception performed for analyzing it for the presence of malicious requests and viruses. This practice is ambiguous and may not be appreciated; therefore, it is best to avoid it. In this case, Chrome will not display any warnings.
How to enable TLS interception warnings in Canary, dev versions of Chrome
You can enable TLS interception warnings right now, if you use the dev version of Chrome named Canary. This is done as follows:
- In the browser, select Properties.
- In the Target field, enter the following: "-enable-features = MITMSoftwareInterstitial".
- Save the changes.
Make sure you’ve subscribed to our newsletter in order to stay aware of all the latest news from the world of SSL and cybersecurity! Buy trusted SSL certificates from a credible store - LeaderSSL, to ensure you will not face any issues with your web sites.