Revealing CDN-Side Cybersecurity Risks in HTTPS Connections
摘要
Content delivery networks (CDNs) are crucial for enhancing website performance by reducing data delivery latency and mitigating DDoS attacks. However, the three-party HTTPS model involving CDNs introduces cybersecurity risks that demand greater technical expertise and user awareness. This paper addresses the security issues of Moroccan websites using CDNs in HTTPS communications. We identify the percentage of HTTPS websites using CDNs among Morocco’s top 50 websites, determine the most adopted CDN providers, and evaluate their security levels by assessing X.509 certificates and the reliability of different cipher suites negotiated by these CDNs. Our findings reveal that while most administrators prefer CDN servers for content delivery, many still support vulnerable HTTPS configurations. Thus, implementing HTTPS in the tripartite model requires more technical skills and increased user awareness compared to the traditional bipartite model.