Bulletproof TLS Newsletter #55
Kazakhstan intercepts TLS traffic
30 July 2019
Author: Hanno Böck

This issue was distributed to 51,233 email subscribers.

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space.

In this issue:

  1. Kazakhstan intercepts TLS traffic
  2. Short news

Kazakhstan intercepts TLS traffic

In Kazakhstan, Internet connections via HTTPS are partly intercepted. According to various reports, providers in the Central Asian country have asked their customers to install a special root certificate in their browsers that enables the interception. This first became known to a wider audience due to a bug report in Mozilla’s bug tracker. Mozilla hasn’t yet decided how to react, but several users have asked Mozilla to block the certificate in question.

A report published by the Censored Planet organization includes technical details about the interception. According to the report, the interception only happens on certain domains, which include several Google services, Facebook, Twitter, and several hosts of the Russian social network VK.

Reports about Kazakhstan trying to intercept user traffic this way aren’t new. In 2015, a message appeared on the web page of Kazakhtelecom asking users to install a root certificate. However, shortly afterward the message disappeared and it seemed the government had given up on its plans for a few years.

The technique of using manually installed root certificates to intercept HTTPS traffic isn’t unusual, although it’s controversial. Many security products used in larger companies operate the same way to analyze user traffic.

Short news