[urgent] HTTPS scanning makes connections vulnerable/unsecure

Discussion in 'Technical Support (AdGuard for Windows)' started by Dolfi, Dec 12, 2014.

  1. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    @ALL: if you use HTTPS scanning, make sure to put your bank, PayPal, eBay, ... in 'Exclusions' (Advanced Interface --> Settings --> Network --> Exclusions - lowest line in that window) and/or disable HTTPS scanning before making any transaction or giving (very) personal/private info to a site.

    @AG team:
    Please check here or here (or at any other browser security test site) to see that "Your client is using TLS 1.0, which is very old, possibly susceptible to the BEAST attack, and doesn't have the best cipher suites available on it. Additions like AES-GCM, and SHA256 to replace MD5-SHA-1 are unavailable to a TLS 1.0 client as well as many more modern cipher suites."
    I sincerely hope you haven't been aware of that?!

    IMHO it's irresponsible to weaken customer security by ignoring security standards and well known weaknesses.
    This is also nothing that can "wait until v6", AG's HTTPS scanning produces a severe security hole!
     
  2. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,947
    We should implement TLS 1.2 in future indeed, I've answered in the corresponding thread.

    One notice though.

    Big red words on that website do not mean that TLS is not secure.
    There are no vulnerabilities in it and if you compare 1.0, 1.1 and 1.2, they are all pretty much the same.
     
  3. Dolfi

    Dolfi Banned

    Joined:
    Nov 21, 2014
    Messages:
    218
    I am with you: A year ago such security was nice to have. But nowadays you (IMHO) should proactively protect your customers.
    Issues arise any other day.
    It was at least cool, sign of a competent, engaged vendor to natively support newest technology. If websites turn that down (enough do! :( ) it's bad enough, isn't it?
     
  4. FattiesGoneWild

    FattiesGoneWild Member

    Joined:
    Jan 26, 2015
    Messages:
    79
    I am kinda confused and alarmed at the same time about this. Is it safe or not to continue using AdGuard HTTPS on any website? Including banks, PayPal etc.
     
  5. vasily_bagirov

    vasily_bagirov Administrator Staff Member Administrator

    Joined:
    Jul 1, 2014
    Messages:
    6,364
    TLS 1 is definitely a safe protocol. TLS 1.2 is just its most recent version.
    You can find more information in this thread: http://forum.adguard.com/showthread.php?3509-no-TLS-1-2-support-in-6137
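
One way to check locally what the browser test sites mentioned in the first post report, namely which protocol version and AES-GCM suites a client or HTTPS-filtering proxy offers in its ClientHello. This is an added example, not code from the thread or from AdGuard; the function names and the two sample ClientHello messages are constructed for illustration. It reads the handshake `client_version` field and assumes the whole ClientHello sits in one record, so it applies to TLS 1.2 and earlier.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# AES-GCM suites (RSA, DHE and ECDHE variants); IDs from the IANA TLS cipher suite registry.
GCM_SUITES = {0x009C, 0x009D, 0x009E, 0x009F, 0xC02B, 0xC02C, 0xC02F, 0xC030}

def inspect_client_hello(record: bytes) -> dict:
    """Report the version and AES-GCM suites offered in a raw ClientHello record."""
    try:
        # Record header: type (22 = handshake), record-layer version, length.
        # The record-layer version is often 0x0301 even for TLS 1.2 clients,
        # so the offered version is taken from the handshake body instead.
        ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 22 or len(body) != rec_len or body[0] != 1:
            raise ValueError("not a complete ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        (version,) = struct.unpack("!H", hello[:2])
        pos = 2 + 32                       # client_version + 32-byte random
        pos += 1 + hello[pos]              # session_id length byte + session_id
        (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + cs_len]
        if len(raw) != cs_len or cs_len % 2:
            raise ValueError("bad cipher_suites length")
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {
        "version": VERSIONS.get(version, hex(version)),
        "offers_tls12": version >= 0x0303,
        "gcm_suites": [s for s in suites if s in GCM_SUITES],
    }

def build_client_hello(version: int, suites: list) -> bytes:
    """Constructed sample input: a minimal ClientHello with no extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed samples: a TLS 1.0-only client (CBC and 3DES suites) and a TLS 1.2 client.
TLS10_HELLO = build_client_hello(0x0301, [0x002F, 0x0035, 0x000A])
TLS12_HELLO = build_client_hello(0x0303, [0xC02F, 0x009C, 0x002F])

if __name__ == "__main__":
    for name, hello in (("TLS 1.0 client", TLS10_HELLO), ("TLS 1.2 client", TLS12_HELLO)):
        print(name, inspect_client_hello(hello))
```

To use it on real traffic, feed it the first record a client sends on a new connection, captured on the upstream side of the filtering proxy.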