Qualys Web Application Firewall 2.0 (WAF) now supports multiple secure web applications (HTTPS) in the same cluster, through the Server Name Indication (SNI) extension of the TLS protocol. Multiple TLS certificates can now be presented on the same WAF Cluster IP, making the configuration and deployment of multiple secure websites easier and quicker.
On Saturday, Adam Langley from Google documented a MITM attack on Google sites that happened in France in early December. A French government agency associated with the Treasury obtained certificates for Google sites in order to be able to transparently (i.e. without users noticing) proxy and decode the traffic to those Google sites. According to the government agency, this was only done for internal traffic within the ministry.
Google noticed the unauthorized certificate through one of the monitoring mechanisms built into the Chrome browser and followed up with the certificate authority in question, ANSSI, which confirmed that the certificate had been issued in disregard of their own policies. The certificate has been revoked.
Google, Microsoft and Mozilla have updated their certificate stores to reflect the revocation. Google’s and Microsoft’s respective automatic update mechanisms will take care of the propagation for Chrome and Windows 7 and above. Mozilla’s update will be released later this week in Firefox 26.