Can a VPN Provider MitM my SSL traffic without me noticing?

How does the provider forward the traffic without exposing my IP, but also without breaking the SSL.

SSL is protection (like encryption) on top of TCP which sits on top of IP. The underlying layers (TCP, IP) can be changed without changing the data transported. This means that the encryption can be kept even though your IP address at the network layer is changing.

This is similar to having an encrypted mail (i.e. PGP or S/MIME). It does not matter if it gets transported via multiple mail servers, gets stored on different machines etc - the encrypted part of the mail itself and its inner content will not be changed.

... but how do next gen firewalls like palo alto claim they can do deep packet inspection on ssl traffic without the users noticing?

They don't. If the inner contents of SSL connections need to be analyzed the DPI system does a man in the middle "attack", i.e. it is the endpoint of the SSL connection from the perspective of the server and decrypts any traffic and encrypts it again to present it to the client. Usually this will result in security warning to the user since the new certificate for the connection (created by the DPI system) is not trusted. But this can be made more transparent to the user if the user explicitly trusts the DPI appliance.

For the details to this see How does SSL Proxy server in company work?, Deep Packet Inspection SSL : How DPI appliances prevent certificates warnings? or Is it common practice for companies to MITM HTTPS traffic?.

Why can't the VPN provider just use a similar box to decrypt it?

It actually could do this.

Only, in theory users would need to explicitly trust the VPN provider for inspecting SSL traffic similar to what is done in companies. But, if you for example install the VPN software provided by the VPN provider, this software could actually silently trust the computer the VPN provider for SSL interception so that you don't realize that the provider can sniff and even modify the encrypted traffic. This silent installation of trusted certificate authorities is actually what many antivirus products do, so that they sniff encrypted traffic and protect the user from attacks delivered inside encrypted connections.

One could in theory find out that the provider is doing this by looking at the certificate chain for each SSL connection and comparing it to the expected one. Or one can look at the locally trusted certificate authorities and see if there was one added. Still, if you install software from the VPN provider the provider could also change parts of your system like the browser in order to hide the inspection from you. And this is not restricted to software given by the VPN provider - any software you install could actually make such changes.

See also How can I detect HTTPS inspection?.


The short answer is: Your VPN provider can do anything your ISP can do if you're not using a VPN.

This may include breaking TLS, if your browser trusts a root CA, which issued an intermediate certificate for middle boxes. You're shifting the trust in not doing so from your ISP to the VPN provider.

Most such middle boxes require the users to install a new root CA. You're protected against that, because you probably didn't install a certificate from you VPN provider. But there were some appliances which had valid browser trusted intermediate certificates in the past. I am not sure if there are still some.


Can a VPN Provider MitM my SSL traffic without me noticing?

Regarding this specifically, unless they have the web site's private key, then you can notice. If you trust the VPN provider's certificate in your browser(s), then you have to actively look harder at which cert each site is using, of course, but you CAN notice if you pay attention. Browser extensions like Certificate Patrol can help if you visit the sites both with and without your VPN; they'll notify on certificate changes.

Shouldn't gmail know my real IP if the traffic just gets tunneled through the provider?

Maybe; it depends. The originating IP address is that of the VPN provider; however, if gmail or another web site sends Javascript or another language's scripts to your browser that your browser accepts and runs that collects your IP (or other, even more private information), then sends that to the orginating - or a third party!

If that transmission is over unbroken TLS, your information was only given to the site it was sent to and everyone that that site shares it with willingly or unwillingly.

If that transmission was unencrypted, everyone between you and them ALSO can see it.

If that transmission was encrypted with broken encryption, it's highly complex, but is somewhere between the two extremes above.

I thought about invalid certificates if the ssl gets broken, but how do next gen firewalls like palo alto claim they can do deep packet inspection on ssl traffic without the users noticing?

They do so because they have a copy of the very same private key for the certificate the web server itself uses! Just as the web server decrypts the TLS traffic with its private key, the appliance decrypts its copy of the traffic with the web server's private key.

Why can't the VPN provider just use a similar box to decrypt it?

The VPN company having a copy of the end web site's TLS private key would be a highly exceptional circumstance involving major nation-state actors, exceptional criminal activity, and/or the bleeding edge of critical zero day exploits like Heartbleed.

I am a bit curious about how much data a VPN provider could potentially collect about me.

As least as much as you think you allow them to.

Do you send your DNS requests over the VPN? They can see that. If not, your ISP can see it.

Do you allow HTTP traffic? They can see - and alter in transit - that. Watch out, that includes third party traffic.

They can definitely see which IP addresses you're going to, and the patterns of data you move. They can then match that against statistically significant analysis of lots of people's traffic as well as deliberate tests and public information they collect.

  • i.e. You send some too large to be simple page request packets to https://security.stackexchange.com? You're submitting something you typed to the Stackexchange network of sites; a simple correlation of those large transmissions with new questions and answers will very quickly reveal your stackexchange username.

Do you allow broken encryption algorithms? They may or may not be able to see that.

You certainly have zero insight as to what they log, regardless of what they claim (or are forced to claim depending on the governments in control of every server involved in your traffic and of the management of that company and the people in it - if your VPN endpoint, or the corporate management, or the multiply subcontracted server admins is/are in RepressiveRegimeX, RepressiveRegimeX has a great deal of power over it.

Try, at least for awhile, Firefox with the uMatrix plugin (to show you the mappings of what third party requests are being made by the sites you visit), and with HTTPS Everywhere to limit the use of HTTP.

Also in Firefox, go to about:config, search on tls to see the TLS versions allowed, and search on ssl3 to see which cipher suites are enabled.

On each browser you use, go to SSLLabs and do a client test to see what might be weak that that browser allows on that machine; remove those.

As an advanced option, use wireshark or another tool to watch what's actually going over your VPN, and what's not. You may - or may not - be able to see an actual TLS connection being made, so you can see the cipher suite or algorithm choice negotiated.

  • Pay particular attention to where your DNS requests, UDP port 53, are going. Through your VPN provider, or not?