4

Does HTTPS encrypt metadata?

Not necessarily what is on the page, or ads or anything like that, but is it possible for someone else to know metadata, i.e. what the tab is called or just the website name?

Gooby26
  • Please don't close this question as a duplicate of [How does SSL/TLS work?](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). This question is very specific, asking about metadata only, and this information is not easy to extract from the long and in-depth technical description of how TLS works that the other question provides. – Steffen Ullrich Nov 17 '16 at 16:42
  • 1
    What is metadata? I think this needs to be more specific. – jwilleke Nov 17 '16 at 19:29

3 Answers

9

Does HTTPS encrypt metadata?

TLS will only encrypt the payload. Notably, the following metadata are still available in the clear:

  • Layer 3/4 information, notably source and destination IP/port of the connection:
    This can be used to get information about the client, i.e. the network where the client comes from. Additional information like TTL, initial sequence numbers, initial window size can be used for passive fingerprinting to detect the OS. And the target IP can be used to get information about the server, i.e. what the client is visiting.
  • The target domain name if SNI is used:
    SNI is used by all modern TLS stacks, at least for HTTPS. This can be used to further determine the target of the client's connection.
  • Cipher suites and extensions offered by the client:
    This can be used to fingerprint the client, i.e. detect which kind of browser and maybe OS version is used.
  • The server's certificate:
    This adds some more information about the target of the connection and often provides the exact domain name even if SNI is not used (like in non-HTTPS connections).
  • The optional client certificate:
    Since this might be used for authentication it adds some useful information about the client.
  • Size and timing of the transferred data:
    While the exact size might not be available when looking at the encrypted data, the approximate size can be determined. Together with timing and direction of transfer (i.e. traffic flow) this can be used to find out which protocol might be spoken (HTTP, SMTP, VPN...) because different protocols have different flow characteristics. If used on HTTPS only on a target site with unrestricted access it might even be possible to narrow down which of the publicly available pages on the site the client has visited.
Steffen Ullrich
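To make the SNI and cipher-suite items above concrete, here is an added example (not part of the original answer) that reads both fields out of the unencrypted ClientHello, the way a passive monitor on the path would. The function names, the hostname `example.org` and the cipher-suite values are constructed for illustration.

```python
import struct

def build_client_hello(hostname, cipher_suites):
    """Constructed sample: a minimal TLS 1.2 ClientHello record carrying SNI."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type 0 = host_name
    sni_data = struct.pack("!H", len(entry)) + entry              # server_name_list
    exts = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data   # extension 0 = server_name
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (b"\x03\x03" + bytes(32)                               # client_version, random
            + b"\x00"                                             # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                         # compression: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def observe_client_hello(record):
    """Return (sni, cipher_suites) exactly as they appear in clear on the wire."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record starting with ClientHello")
    pos = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    pos += 1 + record[pos]               # skip session_id
    (n,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]               # skip compression methods
    if pos >= len(record):
        return None, suites              # no extensions at all, hence no SNI
    (ext_total,) = struct.unpack_from("!H", record, pos)
    pos, end = pos + 2, pos + 2 + ext_total
    sni = None
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 0x0000 and ext_len >= 5:   # server_name extension
            # layout: list_len(2) | name_type(1) | name_len(2) | name
            (name_len,) = struct.unpack_from("!H", record, pos + 3)
            sni = record[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return sni, suites

# Constructed input: hostname and suite IDs are sample values, not captured traffic.
SAMPLE = build_client_hello("example.org", [0xC02F, 0xC030, 0x009C])

if __name__ == "__main__":
    print(observe_client_hello(SAMPLE))
```

No key material is involved at any point: the parser only walks length-prefixed fields, which is why this metadata is available to anyone who can see the packets.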
2

The domain is transmitted in the clear, first by the client in SNI and then by the server in the certificate. The title of the browser tab is encrypted.

The IP address, the domain, and the time are all metadata available to anyone with access to your telco or your ISP. General Michael Hayden, director of the NSA, said "We kill people based on metadata".

TLS 1.3, which is deployed today behind a feature flag in beta browsers and might finish the standardization process and be enabled by default in six months, will encrypt the domain name too. But that will still leave two IP addresses and the time.

Z.T.
  • 2
    I don't think that encryption of the domain name (i.e. SNI extension) for TLS 1.3 is true. While it was a goal in 2014 it seems to have died off because it conflicts with the performance goal: you need to have some form of key exchange to get a key for SNI encryption before you can send the SNI extension. Looking at the current version of the TLS 1.3 draft it looks like SNI is still sent in plain. – Steffen Ullrich Nov 17 '16 at 05:55
0

The requested IP and domain (because of SNI) are visible, but the rest is encrypted.

Julian