Content delivery networks (CDNs) play an important role in accelerating page loads and improving the user experience of popular websites around the world. Offering HTTPS support to tenants has become a common security-enhancement service among CDN providers. When several tenants share the same IP address for reasons of resource efficiency and cost, the CDN provider must configure the deployment comprehensively so that every tenant's site responds correctly to users' requests. Otherwise, issues such as denial of service (DoS) and privacy leakage can arise, degrading the user experience and causing potential economic loss for tenants, especially in hybrid deployments of HTTP and HTTPS. We examine the deployments of typical multi-tenant CDN providers by active measurement and find that CDN providers, namely Akamai and ChinaCenter, have configuration problems that can result in DoS through certificate name mismatch errors. We give several recommendations to help mitigate the issue. We believe that our study is meaningful for improving the security and robustness of CDNs.
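A provider-side check for the certificate name mismatch condition described above, as an added example that is not taken from the paper. The tenant names, the certificate contents, and the assumption that the edge falls back to a default certificate when no certificate is configured for the requested name are all constructed for illustration.

```python
def name_matches(pattern, host):
    """Certificate name check: exact match, or '*' as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        # A wildcard covers exactly one label and never a bare top-level domain.
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:] and "." in rest
    return False


def audit_shared_ip(tenants, certs_by_sni, default_sans):
    """Return {host: reason} for tenants whose HTTPS visitors would hit a mismatch.

    tenants:       {hostname: True if the tenant has HTTPS enabled}
    certs_by_sni:  {hostname: DNS names in the certificate selected for that name}
    default_sans:  DNS names in the fallback certificate (assumed edge behaviour)
    """
    findings = {}
    for host, https_enabled in tenants.items():
        sans = certs_by_sni.get(host, default_sans)
        if any(name_matches(s, host) for s in sans):
            continue
        source = "SNI-selected" if host in certs_by_sni else "default"
        kind = "HTTPS tenant" if https_enabled else "HTTP-only tenant"
        findings[host] = f"{kind}: {source} certificate does not cover this name"
    return findings


# Constructed sample: four tenants behind one shared edge IP (reserved example domains).
TENANTS = {
    "shop.example.test": True,
    "blog.example.test": True,
    "news.example.org": False,   # HTTP-only tenant in a hybrid deployment
    "pay.example.net": True,     # HTTPS tenant bound to the wrong certificate
}
CERTS_BY_SNI = {
    "shop.example.test": ["shop.example.test"],
    "blog.example.test": ["*.example.test"],
    "pay.example.net": ["www.example.net"],
}
DEFAULT_SANS = ["shop.example.test"]

if __name__ == "__main__":
    for host, reason in audit_shared_ip(TENANTS, CERTS_BY_SNI, DEFAULT_SANS).items():
        print(f"{host}: {reason}")
```
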