zlacker
[parent]
[thread]
1 comments
1. discre+(OP)
[view]
[source]
2017-02-28 02:33:46
Basic filtering can be done via passively inspecting SNI headers and terminating connections to verboten hosts. However, that's not enough for some orgs, and some software works around it:
https://www.bamsoftware.com/papers/fronting/
replies(1):
>>ec1096+k6
◧
2. ec1096+k6
[view]
[source]
2017-02-28 04:00:04
>>discre+(OP)
Even simple tls handshake filtering is broken with BlueCoat's implementation.
[go to top]