zlacker

[return to "BlueCoat and other proxies hang up during TLS 1.3"]
1. db48x+D2[view] [source] 2017-02-28 02:06:00
>>codero+(OP)
The long-term solution is simply not to work anywhere that insists on running a MITM attack on all of your communications.
◧◩
2. Viper0+U2[view] [source] 2017-02-28 02:10:16
>>db48x+D2
Isn't MITM required in enterprise environments where they want to filter content? Unless you want to run it client-side which isn't usually an option.
◧◩◪
3. discre+m4[view] [source] 2017-02-28 02:33:46
>>Viper0+U2
Basic filtering can be done via passively inspecting SNI headers and terminating connections to verboten hosts. However, that's not enough for some orgs, and some software works around it: https://www.bamsoftware.com/papers/fronting/
◧◩◪◨
4. ec1096+Ga[view] [source] 2017-02-28 04:00:04
>>discre+m4
Even simple tls handshake filtering is broken with BlueCoat's implementation.
[go to top]