TLENVOY - A Tool for TLS Termination and Inspection
Abstract
With the increasing adoption of encrypted communication over the internet, ensuring the security of network traffic has become crucial. Transport Layer Security (TLS) is now widely used to secure data in transit, but it also poses challenges for network administrators who need to inspect traffic for malicious content or policy violations. This paper explores the use of Envoy, an open-source edge and service proxy, as a forward proxy to inspect TLS traffic. By leveraging Envoy's capabilities, organizations can maintain a secure environment for all nodes behind the proxy. We discuss the architecture, implementation, security considerations, and potential challenges of using Envoy for TLS inspection. The paper concludes with recommendations for deploying such a system in a secure and efficient manner.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.