On 2023-12-09 04:02, Claudio Jeker wrote:
>
> Don't do it. This "TLS inspection" mode is broken and it is close to
> impossible to fix it. The way the MITM cert is built is not smart enough
> and does not consider many special cases like SAN certs and OCSP.
> It works for simple things but does not work as a generic SSL interceptor.
>
Hi Claudio and list,

Ah, I was experimenting with this this week and couldn't understand why
I was getting similar errors.

I'd still like TLS inspection on one of my routers and while I usually
try to stick with the tools that ship with each OpenBSD install, I was
wondering if anyone could recommend any third party software with a good
security track record?

I believe nginx can operate as a reverse proxy / application layer
gateway ... can it also do TLS inspection for user traffic?

Thanks,
- J