Home / server / Questions / 378154
Accepted
Pieter
Asked: 2012-04-11 07:40:05 +0800 CST

Is HTTPS over a proxy server as safe as HTTPS over a VPN?

  • 772

I know that VPNs are considered to be more secure than proxy servers for a number of reasons, but I'm curious to know if this counts for SSL connections too. Are there additional security risks associated with using HTTPS over a proxy instead of a VPN?

networking

1 Answers

  1. Best Answer

    As long as your certificate authority trust and both your system and the target server have not been compromised, your connection to a https server (with any number of middlemen) should never be at risk of sniffing or modification.

    Possible external attackers:

    • Your ISP
    • Someone on your network
    • The proxy owner

    Attack vectors:

    Your DNS query will likely be sent unencrypted (unless you've set up DNSCrypt or the like), so an attacker will be able to tell both the IP and domain you are connecting.

    As long as the certificate's chain of trust is not broken (by, say, someone installing a rogue CA certificate on your computer or compromising a root CA), your browser will tell you if someone has given you an invalid certificate. As long as you have the right certificate, the traffic will be mostly safe - someone may be able to make guesses about the number and size of URLs requested, but the contents will be nicely hidden.

    Chain of trust can be broken if:

    • Your browser says "this website is not secure" and you click an override anyway.
    • The certificate authority issues certificates without verifying site ownership.
    • Your computer has been hacked (but at this point you're screwed for privacy no matter what).
    • The target site has been hacked - the attacker will have the certificate's private key and likely be able to decode the encrypted stream, as well as pretend entirely to be the target.
    • 3