I have a client program that talks to a web server through a SSL connection (https). How safe is this connection? I bought a SSL certificate installed on my web server, so my understanding is that even if someone attemps a man-in-the-middle attack between my client and my server they would not have the certificate? Is this true?
So for example if they attempted to redirect the hostname http://www.myserver.com to an ip they own, the https will still fail because the connection will report an untrusted source without the certificate installed?
Just wanted to point out that my program is a binary, not a web page that a user will see through a browser. Therefore they cannot simply press “accept untrusted SSL” and carry on. My binary is coded to exit if a untrusted SSL connection is detected. Given that, is it still possible for someone “in the middle” to redirect the traffic to somewhere and extract the encrypted data?
Thanks!
If the ‘man-in-the-middle’ actually sits on the client computer (think of a virus, trojan or other malware) they can read/modify anything going on over that connection. However, between the client and the server, the connection is quite safe, provided your client program checks the validity of the SSL certificate.