最近尝试使用 adguard,为了获得匹敌浏览器插件的拦截效果就必须开启 https filter。但 adguard 作为 https client 并不完整,其中最严重的问题就是不检查证书的吊销状态,测试 https://revoked.badssl.com 会成功连接:
https://i.imgur.com/VrOueN8.jpg
。除此之外还支持一些陈旧的加密算法:
https://i.imgur.com/MMsyRkV.png
,自生成根证书时间太长。
实践中这些都不容易被利用,但总是削弱了安全性。考虑到这部分代码没有开源,说不清实践的质量到底怎么样,所以值不值得用大家就见仁见智了。
以上问题已经写邮件给开发团队,目前还没有收到回复。
今天收到了 Adguard 团队的回复如下:
Let me please answer all the questions one by one:
Adguard’s https filtering seems not checking the revoke status of certificates
Ok, this one is unexpected, thank you so much for reporting this to us! Seems to be a Mac-specific issue, we'll handle it asap.
A bug report: https://github.com/AdguardTeam/CoreLibs/issues/1170
1. I see that Adguard will support to show the original certification’s info very soon, which is wonderful. Is it possible to give more details on the protocol used by the connection to the server at the same time? For example, is it TLS 1.2 or 1.3, ECDSA or RSA.
This is a little bit orthogonal to showing a certificate, but we'll think about it as well: https://github.com/AdguardTeam/CoreLibs/issues/1171
2. To prevent downgrade attacks, an option to choose the minimal TLS version would be fantastic. This can even provide a better security than normal browser!
At the moment, AdGuard uses the very same settings as the browser. So if you specify the minimal TLS version in the browser settings (where it's possible), AG will use the same.
3. Is it possible to use the system’s keychain to save the private key of the root certificate? I apologies if this is a naive question, I’m not an experienced Mac developer :)
Technically, yes, it is possible. However, AdGuard generates a unique private key and stores it encrypted for a reason -- so that third-party apps could not access and read or modify it.
4. Can you shorten the valid duration of the root certificate and rotate it frequently? For example, 6 months limitation for the root cert and 3 months for every domain cert.
Here is how it works in the current version:
- AdGuard calculates a hash of the server certificates and uses it as a key in its own encrypted certs storage
- If there's no cert for this hash in the storage, it generates a new one and stores it there
- It's "not_after" date is set to the same value as the original cert had
- Once it expires, it is removed from the storage
With this approach, we can be sure that whenever the domain certificate is changed, AG will reevaluate it, and generate a new certificate. On the other hand, rotating domain certificates more often does make sense to me, we should consider doing it. Re-generating the root certificate is also possible, but tbh I don't see much sense in doing it.
1
18x 2019-10-29 22:41:47 +08:00 via Android
这个证书吊销域名好像有点问题啊,我用 Firefox chrome 测试都是受信任的
|
2
parametrix OP |
3
18x 2019-10-29 23:05:32 +08:00 via Android
|
4
18x 2019-10-29 23:18:11 +08:00
|
5
cydian 2019-10-30 00:25:13 +08:00 via Android
手机 chrome 实测无吊销。
|
6
parametrix OP |
7
MicrosoftAccount 2019-10-30 02:34:02 +08:00
|
8
parametrix OP @MicrosoftAccount
但是我这边 chrome 和 safari 都是默认设置,都能正确提示证书吊销。而且根据 https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md “ What's the story with certificate revocation? Chrome's primary mechanism for checking the revocation status of HTTPS certificates is CRLsets. ” chrome 仍然是检查证书吊销状态的。 |
9
parametrix OP |
10
18x 2019-10-30 07:54:15 +08:00 via Android
用楼主这个测试网站 revoked.badssl.com 手机上 chrome Firefox 都会信任
但我用另一个测试网站 revoked.grc.com Firefox 不信任 打开 adguard 以后 revoked.badssl.com 的证书会被替换,revoked.grc.com 的证书不会被替换 |
11
parametrix OP @18x 是的,我能重复你 revoked.grc.com 这里的结果。
但是除了 revoked.badssl.com 会被替换,所有 https://www.digicert.com/digicert-root-certificates.htm 上的 revoked demo 都会被替换,比如 https://assured-id-root-g3-revoked.chain-demos.digicert.com/ https://assured-id-root-g2-revoked.chain-demos.digicert.com/ https://global-root-ca-revoked.chain-demos.digicert.com/ 所以我还是觉得 adguard 不能正确检查证书吊销状态。 |
12
18x 2019-10-30 08:13:26 +08:00 via Android
@parametrix 你举例的这几个域名我测试都能在 Firefox 信任 可能 adguard 和 Firefox 用的一个列表
|
13
parametrix OP @18x 而且都不检查证书引用的 crl 和 ocsp ...
|
14
18x 2019-10-30 08:29:53 +08:00 via Android
@parametrix 所以啊 这个 adguard 检查不检查证书也没什么区别,反正浏览器都是信任 就个 IE 比较认真去检查
|
15
parametrix OP |