
Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Posted: Mon Oct 25, 2021 1:14 pm
by jrmiddle
Occasionally over the past few months, devices (phones / computers) on our network have complained about certificate validation failures for well-known sites—Gmail, iCloud, GCalendar, and as one can see below, PagerDuty. It looks very much like the modem's cert is being presented to the client, rather than the site's; this gives me the heebie-jeebies. This happens on our computers (all macOS) and phones (iOS and Android). iOS pictured:

Image

While the user didn't provide much technical detail on this post from 3 years ago on the ATT forums (https://forums.att.com/conversations/att-internet-equipment/ssl-error/5deff6bdbad5f2f606832ea9), the symptoms being described are similar (also worrying is ATT support's implying that the user should disable some privacy controls in Chrome).

Is there a simple explanation that can account for why this happens? My default reaction is to Be Very Concerned.

Re: Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Posted: Wed Nov 03, 2021 2:44 pm
by viralvacancy
I have Sonic fiber and an Eero 6 Pro mesh network setup, and for the past few weeks I have been experiencing SSL validation failures on all of my different devices/browsers. I too am very concerned. I don't know what to think, but this post has me thinking it could have something to do with Sonic?

Any insights appreciated. Thanks.

-Kevin

Re: Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Posted: Thu Nov 04, 2021 8:20 am
by ngufra
Can you describe your Sonic connection (Sonic fiber, AT&T resold fiber, DSL Fusion, etc.)?
Are you using proxies?
Do you do any kind of packet inspection/optimization? That would explain why the modem certificates would be used, as it needs to decrypt the packets and re-encrypt them with its own certificates.

[edit: your screenshot shows AT&T. It could be they use their own certificate to be able to optimize traffic, and re-SSL it with their cert.]
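
One way to record what is happening when the warning appears, as an added example that is not part of the original thread: it logs which address answered the TLS handshake and the SHA-256 of the certificate it presented, so an intermittent failure can be compared against a good connection. The function names, verdict labels and sample values are assumptions made for this example.

```python
import hashlib
import ipaddress
import socket
import ssl

def classify(peer_ip, verify_error, der):
    """Summarise one observation; verify_error is None when validation passed."""
    fingerprint = hashlib.sha256(der).hexdigest() if der else None
    if verify_error is None:
        verdict = "ok"
    elif ipaddress.ip_address(peer_ip).is_private:
        # The TLS peer was a private (LAN-side) address, not the public site.
        verdict = "private-address-answered"
    else:
        verdict = "untrusted-cert-from-public-address"
    return {"peer_ip": peer_ip, "sha256": fingerprint,
            "error": verify_error, "verdict": verdict}

def _handshake(ctx, peer_ip, port, host, timeout):
    with socket.create_connection((peer_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def probe(host, port=443, timeout=5):
    """Validate normally; on failure reconnect unvalidated only to record the cert."""
    peer_ip = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)[0][4][0]
    try:
        der = _handshake(ssl.create_default_context(), peer_ip, port, host, timeout)
        return classify(peer_ip, None, der)
    except ssl.SSLCertVerificationError as exc:
        error = exc.verify_message
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE  # used to read the certificate, never to send data
    der = _handshake(lax, peer_ip, port, host, timeout)
    return classify(peer_ip, error, der)

if __name__ == "__main__":
    # Constructed observations (addresses and bytes are made up), so this runs offline.
    for ip, err in [("8.8.8.8", None), ("192.168.1.254", "self-signed certificate")]:
        print(classify(ip, err, b"constructed-der-bytes"))
```

Calling `probe("example.com")` on a schedule and keeping the returned records gives a timeline of peer address and fingerprint to hand to the ISP when the failure recurs.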

Re: Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Posted: Wed Dec 01, 2021 3:38 pm
by jrmiddle
Sonic fiber (which I believe is ATT resold), no proxies, no DPI. We have two wifi networks—one managed by Unifi hardware, with the main AP wired to the ATT modem, and the one vended by the ATT modem itself. I use the former, my partner uses the latter for WiFi 6 support. We see the same symptoms.

Regardless of their optimization goals, I have a hard time seeing silently MITMing encrypted connections as appropriate.

Re: Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Posted: Wed Dec 01, 2021 3:51 pm
by ngufra
>Regardless of their optimization goals, I have a hard time seeing silently MITMing encrypted connections as appropriate.
You are talking about AT&T here.
Those with room 641A in their SFO facility.
What did you expect? :-)