I use a HTTPS connection without a valid SSL certificate. Is the connection safe? Is the information encrypted?
- You can't use a https connection without a SSL certificate, can you? You probably mean using a *self-signed* certificate – Pekka Oct 05 '10 at 15:15
- Why would this belong to superuser? – SilentGhost Oct 05 '10 at 15:15
- No information or connection is ever safe. If the internet is a series of tubes, those tubes are translucent and anyone can see through them and into your application. – Moses Oct 05 '10 at 15:15
- You should clarify your question. The server always needs a certificate but the client does not. – musiKk Oct 05 '10 at 15:17
- @Moses Modern encryption ensures a *reasonable* level of safety for any data the average person is likely to encounter - SSNs, credit card, etc. I imagine the government wouldn't trust it for information on captured aliens. – ceejayoz Oct 05 '10 at 15:17
- @Moses - So you're saying a HTTPS connection to your bank is completely useless? – m.edmondson Oct 05 '10 at 15:18
- @SilentGhost: Shoulda been SF, i think. "This question is about servers, networks or the administration of many machines, and is a better fit for Server Fault." – cHao Oct 05 '10 at 20:17
- @Pekka - What's this? You got any links? – m.edmondson Oct 06 '10 at 08:11
- @eddy I can't find the link right now but it's in the CSS 3 specification. – Pekka Oct 06 '10 at 11:37
- @Pekka웃 how does the style sheet spec reduce data visibility? btw nice use of hangul to make a dood figure. oos to you too. – user137717 Jan 01 '15 at 08:33
- @user137717 I think Pekka is a bit confused and referring to actual visual opacity. Meanwhile @Moses is talking about how easy it is to copy data being transferred. Moses is still a bit off though tbh. Encrypted data isn't transparent like clear text, the opacity is based on type & level of encryption vs a function of a cracker's skill over their level of resources. – That Realty Programmer Guy Jun 01 '15 at 00:44
- A pinned self signed certificate is much safer. An unpinned CA signed certificate is just false security feeling. – ego2dot0 Oct 25 '16 at 16:04

6 Answers
The connection is encrypted even if the SSL certificate isn't valid (expired, snake-oil, untrusted CA, etc.). The SSL certificate validation just makes sure you're connecting to the folks you think you're connecting to. Encryption doesn't do you any good if the folks decrypting your data are crackers instead of PayPal.

- But that's the point, a certificate is still required (whether valid or not) – m.edmondson Oct 05 '10 at 15:17
- Yes, but you can generate a self-signed one in seconds. I took the question as asking whether you need a valid cert. – ceejayoz Oct 05 '10 at 15:18
- In that case you're correct, however the question was whether a certificate was required - which it is or nothing will be encrypted. – m.edmondson Oct 05 '10 at 15:21
- The question says he's using a HTTPS connection, though. If you take the question 100% literally it's an impossible one. – ceejayoz Oct 05 '10 at 15:23

Actually it is possible to establish an encrypted connection between complete strangers without a certificate, using Diffie-Hellman or similar key exchange algorithms.
Alice and Bob agree on a random number x. Alice calculates x^a, where a is a large prime number known only to Alice, and sends that to Bob. Bob calculates x^b and sends it to Alice. Alice calculates (x^b)^a, and Bob calculates (x^a)^b. Since (x^a)^b = (x^b)^a = x^(ab), Alice and Bob now both know the number x^(ab) and can use it as an encryption key. The beauty of this is that Bob doesn't know a, Alice doesn't know b, and any eavesdroppers don't know either number (because calculating a from x^a, in the case of large numbers, would take years).
As supercat points out, this by itself is still susceptible to a man-in-the-middle attack, and that's why at least one end of the transaction needs to authenticate using a certificate. To be accurate, though, it is not the server that checks this, it's the browser, and most browsers will let the user continue if the certificate is invalid (or possibly even garbage). In that event, the connection will still be considerably more secure than a regular connection. To listen in, you'd need to be able to manipulate IP routing or DNS lookups, and you'd have to set it up before the connection was first made, which is not easy to do.
BTW the keypairs in certificates are not what's used to encrypt actual traffic; they are used to establish a new single-use key for a much faster symmetric cipher (such as DES) which then does the rest of the work.

- Note: I think you forgot to mention that all calculations are performed modulo N where N is another large number agreed upon by Alice and Bob. Note also that neither X nor N need be random numbers -- they can even be constants hardwired into the algorithm; only a and b are variables and secrets. – Edward Falk May 07 '13 at 19:32
- The caveat is in the fact that this would have to be implemented in the browser in the first place, right? – Amunak May 30 '13 at 07:53

If there were no verification of SSL certificates, then someone who intercepted a communications channel could capture a request to connect to https://www.acmebank.com, send its own request to www.acmebank.com, and negotiate keys with both acmebank.com and the user. After that, it could receive each morsel of data from the user, decrypt with the user's key, and encrypt with acmebank's key, and do likewise with data from acmebank.com. The net effect would be that neither the user nor acmebank would see anything wrong, but the interceptor would be able to decrypt all of the data between the user and acmebank. The user and the bank will be using different keys to handle their communication, but neither entity will know this. Adding any standard aspect to the protocol to inquire what key is in use wouldn't help, since the interceptor could detect such queries and change the responses appropriately.
SSL prevents a man-in-the-middle attack by requiring the host to send the recipient a copy of the key the host is using, encrypted in a form that an intruder won't be able to fake (unless the intruder can fake CA credentials, at least). If one does not use a CA-issued certificate, there will be little protection against a man-in-the-middle attack, though the encrypted layer would prevent passive or retrospective decryption of session contents (BTW, I wish there were standards for something between unencrypted communication and SSL, for situations where passive or retrospective decryption are the primary threat, but I don't know of any).

- Basically what you're saying is using SSL without a certificate is pointless, against experienced hackers – bobobobo Apr 07 '13 at 07:01
- @bobobobo: SSL without a certificate protects against some threats but not others. Whether or not such protection is useful depends upon the type of protection that's needed. If each party had a certificate which confirmed via some outside channel to have been protected by the other, there would be no need for certificates issued by some outside CA. For example, even without certificate authorities it would be possible for banks to post on billboards a thumbprint of their self-issued certificate, specify in all their ads and mailings the locations where such... – supercat Apr 08 '13 at 15:12
- ...billboards might be found, and have people watch such billboards to ensure they are not tampered with. Their customers could then confirm when they connect to the bank the first time that the certificate they receive has a correct thumbprint. In practice, this would be so much hassle that few customers would want to bother with it; having SSL automatically use certificates from a small number of trusted authorities simplifies things enormously. – supercat Apr 08 '13 at 15:14

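The unauthenticated key exchange from the Diffie-Hellman answer (with the modulus N from Edward Falk's comment) and the relay described in the answer above, as an added Python example that is not part of the original posts. N, X, the helper names and the thumbprint comparison (modelled on the billboard idea in the comments) are assumptions of this example, and the parameters are for demonstration only.

```python
import hashlib
import secrets

# Demonstration parameters only (not a vetted production group).
N = 2**521 - 1   # public modulus: a known Mersenne prime
X = 3            # public base, the "x" of the answer above

def keypair():
    """Return (secret exponent, public value X^secret mod N)."""
    secret = secrets.randbelow(N - 3) + 2
    return secret, pow(X, secret, N)

def session_key(own_secret, peer_public):
    """Derive a 32-byte key from peer_public^own_secret mod N."""
    shared = pow(peer_public, own_secret, N)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def thumbprint(public_value):
    """Short digest of a public value, compared over an outside channel."""
    return hashlib.sha256(public_value.to_bytes(66, "big")).hexdigest()[:16]

def exchange(intercepted):
    """Run one exchange; return (alice_key, bob_key, relay_keys, check_ok)."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    seen_by_alice, seen_by_bob = pub_b, pub_a
    relay_keys = None
    if intercepted:
        # The relay substitutes its own public value in both directions,
        # so it shares one key with Alice and a different one with Bob.
        m, pub_m = keypair()
        seen_by_alice = seen_by_bob = pub_m
        relay_keys = (session_key(m, pub_a), session_key(m, pub_b))
    alice_key = session_key(a, seen_by_alice)
    bob_key = session_key(b, seen_by_bob)
    # Bob publishes thumbprint(pub_b) out of band; Alice checks what she got.
    check_ok = thumbprint(seen_by_alice) == thumbprint(pub_b)
    return alice_key, bob_key, relay_keys, check_ok

if __name__ == "__main__":
    for intercepted in (False, True):
        ak, bk, relay, ok = exchange(intercepted)
        print(f"intercepted={intercepted} keys_match={ak == bk} "
              f"relay_holds_both={relay == (ak, bk)} thumbprint_ok={ok}")
```

With `intercepted=True` both parties hold working keys that differ from each other, and only the out-of-band thumbprint comparison reveals it.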
Don't bother yourself anymore with invalid SSL certificates. You can now generate a free browser-valid certificate for your server as easily as you would generate a snakeoil (self-signed, browser-invalid) certificate. Go see https://letsencrypt.org/; it's free and open to contributions.

- It's a promising solution, especially for the projects in which you can't ask people to pay for a "trusted" certificate. I hope that there is no means of revoking a certificate for non technical reasons, I'm worried about censorship both from the governments and the corporations. I see Facebook in the list of sponsors, it doesn't reassure me. – gouessej Jan 22 '16 at 12:55
- Really? Unless you plan to have a secure child pornography website or some new world order terrorist shit you have nothing to hide or fear... – Nicolas Manzini Jan 22 '16 at 14:11
- At first, I'm not interested in child pornography. Secondly, Pétain considered that De Gaulle was a "terrorist" whereas he was organizing the resistance against the Nazis, it shows the subjective meaning of the word "terrorist" often used against political opponents, everybody can become the "terrorist" of someone else. Thirdly, the ISRG Certificate Policy doesn't mention child pornography and terrorism in its "Prohibited Certificates Uses", the phrasing is less accurate. – gouessej Jan 22 '16 at 19:55
- Fourthly, please can you imagine that you can undergo censorship for other reasons than child pornography and new world order terrorist? The police can do a house search with no justification in France during the emergency state, we are some activists to fear our own government whereas we aren't interested in "new world order terrorist shit". – gouessej Jan 22 '16 at 19:58
- It's about the same difficulty if you're not using the specific server configuration that Let's Encrypt requires. Arguably, it's much more of a hassle to maintain because you have to manually renew every 90 days. It's very much a beta product. – William Feb 03 '16 at 19:12
- Let’s encrypt requires a domain name. You also can’t get a wildcard certificate. – user2284570 Dec 28 '17 at 04:52
- Why put all the trust in these institutions? Why hand over control over the internet to them? – étale-cohomology Apr 10 '22 at 12:31
- @étale-cohomology it's not us but those who make the web browser that put trust into these institutions. – Nicolas Manzini Apr 10 '22 at 15:19

Nope. What you're doing when using HTTPS is telling the browser to connect via a different port (443) whereas normally you connect via (80). Without a certificate, the server would refuse the connection. HTTPS is simply not possible without a certificate. Look here and you'll see a certificate is needed for it to work.

- The browser asks you if you trust in the connection, if I accept this connection the transferred information is not encrypted anyway? – user466981 Oct 05 '10 at 15:17
- If your browser asks you to trust an invalid cert, the information is encrypted. You just can't verify that the person receiving it is legit. – ceejayoz Oct 05 '10 at 15:19
- This means that the certificate is likely self signed or expired (that's why it's asking if you're sure). The question was whether a certificate was required - which it is. – m.edmondson Oct 05 '10 at 15:20
- The server is NOT going to refuse the connection. The browser will warn you that there is no certificate (or that it is expired) then it is your sole responsibility to drop or continue the session. As long as you are using the SSL protocol, the connection will be encrypted. – Jean-François Jan 19 '13 at 20:53
- @Jean-François - without a certificate where does the browser get the encryption key from? – m.edmondson Jan 20 '13 at 22:50
- Without a certificate, public keys are exchanged in plain text which is vulnerable to mitm attack. Hence https uses certificates to overcome this problem. But an attacker can intercept even the server's certificate and send a self-signed certificate, in this case the browser warns the user. As most users are unaware of this, they will proceed with an unauthenticated session – Manikandan Kbk DIP Jul 15 '21 at 18:53

It's possible to establish an encrypted connection, yes, but it would still be possible that you're communicating with a cracked computer instead of the real server. Like that, the cracked computer tells the server that he would be the client, decrypt all the data, store it and send the encrypted data to the client (and tell him he would be the server). So it's just a safe connection if there's no vulnerable point between the server and the client, which no one can guarantee.
