Matrix

Reputation: 7613

What does Charles or any middle man see when we have implemented SSL pinning between client and server?

I know a bit about what SSL pinning is and how to implement it on the app and server side, but I am not clear about how a middle man views SSL pinning. What kind of requests does the middle man see in this case? And why is it not able to get information from the request?

Upvotes: 0

Views: 85

Answers (1)

Steffen Ullrich

Reputation: 123375

If pinning is properly implemented, the MITM will see the original TLS ClientHello from your device, which likely includes the target hostname, and it will get the leaf and chain certificates from the target server. After the MITM tries to send a newly created certificate to the client, the client should just close the connection since the certificate is not the expected one, i.e. no actual application data is transferred, only the metadata.

Upvotes: 1
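The ordering described in the answer, as an added simulation that is not part of the original post: the client sends its ClientHello, checks the presented leaf against the pin, and closes before writing any application data on a mismatch. `RecordingPath`, `pinned_request`, `observe` and the hostname are hypothetical names, and the certificates are constructed byte strings standing in for DER data.

```python
import hashlib
import hmac

# Constructed stand-ins for DER certificates (not real certificates).
SERVER_LEAF = b"constructed-der:CN=api.example.test,issuer=Real CA"
PROXY_LEAF = b"constructed-der:CN=api.example.test,issuer=Proxy CA"
# Pin shipped in the app: SHA-256 of the expected leaf certificate.
PINNED_SHA256 = hashlib.sha256(SERVER_LEAF).hexdigest()

class PinMismatch(Exception):
    """Raised when the presented certificate does not match the pin."""

class RecordingPath:
    """Hypothetical network path that logs what crosses it."""

    def __init__(self, presented_leaf):
        self.presented_leaf = presented_leaf
        self.observed = []

    def client_hello(self, sni):
        # The ClientHello, with the server name, goes out before any check.
        self.observed.append(("client_hello_sni", sni))
        return self.presented_leaf

    def send_application_data(self, data):
        # Only reached after the pin check; on the wire this is encrypted.
        self.observed.append(("application_data_len", len(data)))

    def close(self):
        self.observed.append(("connection_closed", None))

def pinned_request(path, hostname, request):
    """Send request only if the presented leaf matches the pin."""
    leaf = path.client_hello(hostname)
    fingerprint = hashlib.sha256(leaf).hexdigest()
    if not hmac.compare_digest(fingerprint, PINNED_SHA256):
        path.close()  # abort before any application data is written
        raise PinMismatch(f"unexpected certificate {fingerprint[:16]}...")
    path.send_application_data(request)
    path.close()

def observe(presented_leaf):
    """Run one request; return (request_sent, events seen on the path)."""
    path = RecordingPath(presented_leaf)
    try:
        pinned_request(path, "api.example.test", b"GET /account HTTP/1.1")
        return True, path.observed
    except PinMismatch:
        return False, path.observed
```

Calling `observe(PROXY_LEAF)` yields only the hostname and the close event, which is the metadata-only view the answer describes.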
