FT_SSL

SSL decoder/encoder.

Category: Preprocessor

Supported flags:

FF_SSL_TLS
FF_SSL_SELF_SIGNED_CERTIFICATE

Object types:
none

Indicates object parts: no

The filter decodes encrypted traffic with a man-in-the-middle scheme. It detects SSL handshakes automatically and generates a compatible server certificate for each server the client connects to. The generated certificates are saved as *.cer (certificate) and *.pvk (private key) files in the SSL subfolder of the configuration folder specified in the pf_init call.

By default the filter generates a chained certificate signed by a common root with the default subject "NetFilterSDK". The root name can be changed with the pf_setRootSSLCertSubject function. The generated root certificate is added to the Windows certificate store automatically, so Internet Explorer, Outlook Express, Outlook, Windows Mail and other applications that rely on Windows' own certificate store for securing TCP connections accept the generated certificates without warnings. For applications that keep their own certificate store, import the ProtocolFilters root certificate into that store manually, or use the import_root_cert tool, which imports the certificate into Mozilla Firefox, Mozilla Thunderbird and Opera.

The root certificate is stored in <configuration folder>\SSL\<root name>.cer, where <configuration folder> is the folder passed to pf_init and <root name> is the subject passed to pf_setRootSSLCertSubject. The default root certificate file name is NetFilterSDK.cer.

The private key is always the same for every root certificate the library generates. It is therefore enough to generate a root certificate with a given name once: it remains a valid root for every chained certificate issued under a different root certificate of the same name that the library generates elsewhere. Because this key is shared by every copy of the library rather than generated per installation, a root of a given name installed in the Windows store trusts certificates produced by any other installation of the library that uses the same root name; keep that in mind when deciding where the root is installed and who can read the SSL folder.

When the FF_SSL_SELF_SIGNED_CERTIFICATE flag is specified for the FT_SSL filter, the library generates a self-signed certificate for each filtered SSL session instead of a chained one. Applications that use the Windows certificate store, such as Internet Explorer, still work without warnings in this case. Other applications, such as Firefox, show an alert and do not continue transmitting data until the user confirms the certificate.

In some cases it is not possible to filter SSL-protected data: for example, the server requires a valid client certificate, or the client rejects the generated server certificate. The filter counts the unsuccessful attempts to filter encrypted connections from a given process to a given host. After the second unsuccessful attempt it stops trying to decode SSL for that process and host, and creates a file named .x in the SSL folder so that the data transmission is not blocked in the future.

Administrative rights are required to add certificates to the Windows certificate store.
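The following PowerShell script is an added example and is not part of the ProtocolFilters SDK or of this page. It audits a machine on which the FT_SSL filter has been running: it loads the root from <configuration folder>\SSL\<root name>.cer, checks by thumbprint whether that root is trusted by the Windows store, checks that every other generated certificate in the SSL folder either chains to that root or is self-signed, lists who can read the folder that holds the *.pvk private keys, and lists the .x files for process/host entries the filter has given up on. The configuration folder path (C:\ProgramData\MyFilter) and the two store locations (LocalMachine\Root and CurrentUser\Root) are assumptions; the page only says "Windows certificate storage" and does not name a store. The root name NetFilterSDK is the page's default.

```powershell
# Added example for this page; NOT part of the ProtocolFilters SDK.
# Assumptions (not stated on the page):
#  - the configuration folder passed to pf_init was C:\ProgramData\MyFilter
#  - the root subject passed to pf_setRootSSLCertSubject was the default "NetFilterSDK"
#  - the root lives in LocalMachine\Root or CurrentUser\Root (both are checked)
param(
    [string]$ConfigFolder = 'C:\ProgramData\MyFilter',   # assumed path
    [string]$RootName     = 'NetFilterSDK'               # page default
)

$sslFolder = Join-Path $ConfigFolder 'SSL'
$rootCer   = Join-Path $sslFolder "$RootName.cer"
if (-not (Test-Path $rootCer)) { throw "root certificate not found: $rootCer" }

# 1. Identify the generated root by thumbprint, not by subject: any copy of the
#    library can produce a root with the same subject and the same private key.
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $rootCer
"root subject   : $($root.Subject)"
"root thumbprint: $($root.Thumbprint)"

# 2. Is exactly this root trusted by Windows? Only Windows-store applications
#    (Internet Explorer, Outlook, ...) honour it; Firefox needs import_root_cert.
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $present = Get-ChildItem $store | Where-Object Thumbprint -eq $root.Thumbprint
    '{0,-24} {1}' -f $store, $(if ($present) { 'trusted' } else { 'absent' })
}

# 3. Every other *.cer in the SSL folder is a per-server certificate. It must chain
#    to THIS root (chained mode) or be self-signed (FF_SSL_SELF_SIGNED_CERTIFICATE).
#    AllowUnknownCertificateAuthority makes Build() report issuance only; store
#    trust was already covered in step 2.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
Get-ChildItem $sslFolder -Filter '*.cer' |
    Where-Object Name -ne "$RootName.cer" |
    ForEach-Object {
        $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
        $built = $chain.Build($leaf)
        $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $mode  = if ($leaf.Subject -eq $leaf.Issuer)          { 'self-signed' }
                 elseif ($top.Thumbprint -eq $root.Thumbprint) { 'chained to root' }
                 else                                          { 'UNEXPECTED ISSUER' }
        '{0,-40} built={1,-5} {2}' -f $_.Name, $built, $mode
    }

# 4. The *.pvk private keys sit next to the certificates: show who can read the folder.
"`nACL on $sslFolder :"
(Get-Acl $sslFolder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 5. Entries the filter stopped decoding after the second failed attempt leave a .x file.
$skipped = Get-ChildItem $sslFolder -Filter '*.x'
"`nSSL filtering disabled for $($skipped.Count) entries:"
$skipped | ForEach-Object { "  $($_.Name)" }

# 6. Adding or removing the root from the store requires elevation.
$id       = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
"`nRunning elevated: $elevated"
```

Run it from an elevated prompt if the root was installed into LocalMachine\Root, since reading that store does not require elevation but removing a stale root afterwards does. A certificate reported as UNEXPECTED ISSUER in step 3 was not produced under the root this script loaded, which is worth investigating given that the root private key is shared across installations of the library.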