Ping a Specific Port

Question

Fraggle

Asked: 2016-08-04 07:13:17 +0800 CST2016-08-04 07:13:17 +0800 CST 2016-08-04 07:13:17 +0800 CST

Does TLS 1.2 prevent MITM sniffing with proxy certificate?

772

I've used jMeter proxy to inspect SSL traffic coming from my iPhone, by installing the jMeter certificate on the iPhone and then configuring my wifi on the phone to use the jMeter proxy.

If I want to prevent this MITM sniffing for a particular website/server can I just enforce TLS 1.2 on the server?

Does TLS1.2 actually prevent this kind of MITM sniffing if it is enforced throughout?

1 Answers

Voted

Steffen Ullrich · Answer 1 · 2016-08-04T08:53:37+08:00

Best Answer

Steffen Ullrich

2016-08-04T08:53:37+08:002016-08-04T08:53:37+08:00

Man in the middle is prevented if the client checks that it gets exactly the expected certificate. This is called certificate or public key pinning. This is not a feature of any TLS version including TLS 1.2 but must be implemented explicitly in the client. For more information and example code see OWASP: Certificate and Public Key Pinning.

1

Does TLS 1.2 prevent MITM sniffing with proxy certificate?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?