5

Would it be possible to establish a TLS connection over TLS with OpenSSL or some other tool?

If possible, would the certificates for each level need to be different?

xor
  • 561
  • 3
  • 13
  • You may also be interested in this: http://security.stackexchange.com/q/17222/2435 – Bruno Aug 30 '12 at 21:21
  • 1
    As Luke mentioned, you can easily end up in a situation where you have a VPN running over TLS and an HTTPS connection made from a client on that network. Is it the kind of scenario you have in mind, or were you after some sort of dual-layer TLS connection for the same application (which would hardly make sense)? – Bruno Aug 30 '12 at 21:28
  • Note that this is not really a programming question, xor, and it is therefore off-topic. – Maarten Bodewes Aug 30 '12 at 21:54
  • Security is one thing, performance is another. TCP inside TCP can be trouble. It can be done, but usually the preferred lower-level tunnel is connectionless, e.g. UDP. – President James K. Polk Aug 31 '12 at 11:55

3 Answers

7

This should work just fine in theory, though I cannot say for sure whether OpenSSL or something would support it easily. You can technically use the same certificate for multiple TLS connections, even if one is nested inside another.

However, I want to point out that one common reason to nest TLS connections might be to tunnel data over a multi-layered encrypted connection, making some subset of the data available at each stop in the tunnel (i.e. peeling back a layer of the encryption). Using the same certificate doesn't really support that use case. Perhaps you've got another use case in mind.

Furthermore, it is cryptographically sound to encrypt encrypted data. That is, more encryption cannot make data less secure. Lastly, encrypting encrypted data alone will not make it more secure. That is, AES(AES(x,key1),key2) where key1 != key2 is not more (or less) secure than AES(x, key1). Just in case that was your motivation.

Luke
  • 3,542
  • 3
  • 28
  • 48
  • 1
    My motivation was curiosity. =) – xor Aug 30 '12 at 19:52
  • AES(AES(x)) can be really insecure if that AES would be e.g. counter mode encryption using the same key and NONCE, as it would zero out the encryption. There are other uses when this would be pretty insecure (encrypting the IV with the same key). As TLS uses random session keys, that should not happen with TLS though. – Maarten Bodewes Aug 30 '12 at 21:53
  • @owlstead You're correct. If you encrypt and then decrypt, it's obviously not going to be secure. And you should be aware of the cases where decrypt is equal to encrypt. I simply meant that AES(AES(x,key1),key2) is not more or less secure than AES(x,key1) alone. I'd make an edit to reflect that. – Luke Aug 31 '12 at 17:41
  • I understand that if AES is vulnerable then AES-AES could be also vulnerable. However, I wonder if `CHACHA(AES(x))` could be more secure. – iwat May 18 '18 at 22:38
4

TLS doesn't care what data you're sending and receiving, so it could well be another TLS session (though I've no idea why you'd want to do that).

Since it's another, independent session, there's no reason you wouldn't be able to use the same certificate.

James McLaughlin
  • 18,363
  • 2
  • 45
  • 56
  • I have no idea why I'd want to do that either, but if I ever feel the urge to do it, now I know it can be done. =) – xor Aug 30 '12 at 19:51
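Both answers say a TLS session can simply be carried inside another one, with the same certificate presented at each level. The Go program below is an added example (not code from the page, from either answerer, or from any project) that does exactly that: it generates one throwaway self-signed certificate, runs a client and a server over an in-memory pipe, wraps the pipe in TLS, wraps that TLS connection in a second TLS connection, and exchanges one line over the inner layer while the client verifies the same certificate at both levels. The hostname `nested.example`, the message text and the `NestedTLS`/`selfSignedCert` names are assumptions made for the demo.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Result is what the client learned after running TLS inside TLS.
type Result struct {
	Reply        string // line echoed back by the server over the inner layer
	OuterVersion uint16 // TLS version negotiated on the outer layer
	InnerVersion uint16 // TLS version negotiated on the inner layer
}

// selfSignedCert builds one throwaway self-signed certificate (constructed for this
// demo) and a pool that trusts it; the same certificate serves both layers.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// NestedTLS opens a TLS session over an in-memory pipe, a second TLS session inside
// it, sends msg over the inner session and returns the server's echo.
func NestedTLS(msg string) (Result, error) {
	const host = "nested.example" // hypothetical name; it only has to match the certificate
	cert, pool, err := selfSignedCert(host)
	if err != nil {
		return Result{}, err
	}
	// net.Pipe is unbuffered, and Go's TLS 1.3 server sends session tickets after the
	// handshake, which would block on such a pipe; pin both layers to TLS 1.2 instead.
	serverCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12}
	clientCfg := &tls.Config{RootCAs: pool, ServerName: host, MaxVersion: tls.VersionTLS12}
	rawClient, rawServer := net.Pipe()
	defer rawClient.Close()
	defer rawServer.Close()
	serverErr := make(chan error, 1)
	go func() {
		outer := tls.Server(rawServer, serverCfg) // layer 1: TLS over the raw pipe
		inner := tls.Server(outer, serverCfg)     // layer 2: TLS over layer 1 (*tls.Conn is a net.Conn)
		line, err := bufio.NewReader(inner).ReadString('\n') // runs both server-side handshakes lazily
		if err == nil {
			_, err = fmt.Fprintf(inner, "server saw: %s", line)
		}
		serverErr <- err
	}()

	outer := tls.Client(rawClient, clientCfg)
	if err := outer.Handshake(); err != nil {
		return Result{}, fmt.Errorf("outer handshake: %w", err)
	}
	inner := tls.Client(outer, clientCfg) // the same certificate is verified again at this level
	if err := inner.Handshake(); err != nil {
		return Result{}, fmt.Errorf("inner handshake: %w", err)
	}
	if _, err := fmt.Fprintf(inner, "%s\n", msg); err != nil {
		return Result{}, err
	}
	reply, err := bufio.NewReader(inner).ReadString('\n')
	if err != nil {
		return Result{}, err
	}
	if err := <-serverErr; err != nil {
		return Result{}, err
	}
	return Result{strings.TrimSuffix(reply, "\n"), outer.ConnectionState().Version,
		inner.ConnectionState().Version}, nil
}
```

Calling `NestedTLS("hello through two TLS layers")` returns the echoed line and TLS 1.2 (0x0303) for both layers. The outer layer never sees inner plaintext, so anyone watching the pipe sees only the outer handshake; the inner ClientHello, the inner certificate exchange and the application data are all ciphertext to them. The TLS 1.2 pin is purely a workaround for the synchronous pipe, not a property of nesting; over a real TCP socket both layers negotiate whatever the configs allow.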
0

The TLS RFC has confirmed such a situation, and the answer is yes; please refer to this: http://tools.ietf.org/html/rfc5246. I couldn't find which part has mentioned this, but I remember I have read it.

zhenyu li
  • 151
  • 1
  • 4