This method was developed following these observations:
A majority of the security solutions deployed in companies (firewalls, intrusion prevention systems, ...) can inspect SSL/TLS flows (used by HTTPS, POP3S, SMTPS, XXXS).
When this option is enabled (sometimes by default), all encrypted streams are decrypted by this device. For privacy reasons, users must be made aware of this functionality (through the IT policy, for example).
The administrator can enable 'SSL/TLS inspection' in the admin panel of the firewall. Beforehand, the firewall certificate will have been installed on the computers of the network (via a GPO, for example) in order to eliminate the alert messages in email applications and web browsers.
The firewall can then store the data in plain text. These data can be consulted (without your agreement) by the administrator.
Our method exposes this practice. In the following example, the CheckMyHTTPS module has detected (red icon) that the certificate received by 'Microsoft Outlook'® (forged dynamically by the firewall) differs from the certificate sent by the mail server (login.live.com). This is proof of SSL interception.
Techniques used by attackers to intercept encrypted web flows are now mature and documented. Thus, a malicious user connected to an unsecured wired (or Wi-Fi) local area network, whether at home or at work, can use these techniques to intercept, analyze or modify secure flows. In this case the "CheckMyHTTPS" method will also detect the SSL interception and display a red icon.
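The comparison described above, as an added example (not the CheckMyHTTPS project's own code): the certificate received on the local network path is fingerprinted and compared with fingerprints of the same server's certificate observed from outside that network. How the reference fingerprints are obtained is an assumption (a trusted channel the intercepting device cannot alter); the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and return lowercase hex without separators."""
    return fp.replace(":", "").replace(" ", "").lower()

def local_view(host: str, port: int = 443) -> bytes:
    """Certificate as received on this network path (needs network access).
    ssl.get_server_certificate() does not validate the chain, so a certificate
    forged by an inspecting device is returned as-is instead of raising."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def check(local_der: bytes, reference_fps: list) -> str:
    """Compare the local view with fingerprints seen from outside the network.
    Several references are allowed because a site may serve different
    certificates from different front ends.
    Returns 'match', 'mismatch' (interception suspected) or 'unknown'."""
    if not reference_fps:
        return "unknown"  # no outside view available: never report a false 'match'
    seen = fingerprint(local_der)
    for ref in reference_fps:
        if hmac.compare_digest(seen, normalize(ref)):
            return "match"
    return "mismatch"

# Constructed stand-ins for DER certificates so the example runs offline.
GENUINE_DER = b"constructed stand-in: certificate sent by the mail server"
FORGED_DER = b"constructed stand-in: certificate forged by the firewall"

# Reference as an outside observer would report it (colon-separated, upper case).
_fp = fingerprint(GENUINE_DER)
REFERENCE = [":".join(_fp[i:i + 2] for i in range(0, 64, 2)).upper()]

if __name__ == "__main__":
    print("direct path:     ", check(GENUINE_DER, REFERENCE))
    print("inspected path:  ", check(FORGED_DER, REFERENCE))
    print("no reference:    ", check(GENUINE_DER, []))
```

On a live network, `check(local_view("login.live.com"), reference_fps)` applies the same test to the certificate actually received.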
Some antivirus programs such as Avast!® or Kaspersky® intercept and decrypt your secure connections. The vendors of these antivirus programs justify this behaviour by the need for protection, even in encrypted flows. This allows their software to access your protected data in cleartext. We draw attention to the fact that an antivirus is permanently connected to the site of its publisher (if only to receive its updates).