SSL inspection



  • Hello,

    When can we have SSL port 443 inspection, this will be an excellent feature for the PFsense, will it be a snort development or a different package (WAF Web application firewall)?

    Regards,
    Sam


  • Rebel Alliance Developer Netgate

    If you want to do that, setup squid and hardcode the proxy settings into the clients.

    If you want to do transparent SSL inspection, that is impossible. Some routers claim to do this but you have to install special certificates on every client so it's hardly "transparent" in the traditional sense.



  • Perhaps I am misunderstanding, but if you want to intercept SSL comunications, that can be done by proxying web access to your clients and stripping the SSL URLs, and changing them for non SSL URLs. For more information, see this site

    Another way is to use bogus certificates to replace the original ones while proxying. Believe it or not this can be done; some publicly accepted CAs had a bug that allowed the creation of certificates with "\0" in their URLs, wich is why most browsers will show the certificate for "www.google.com\0.mih4x0rdomain.com" as "www.google.com". I understand this has been corrected in most cases, but some of this certificates have not exipred yet. More info here

    Hope this helps.
    Regards


  • Rebel Alliance Developer Netgate

    Both of those are pretty much what I said… but obviously relying on that second bug to stick around would not be wise.



  • Any example on how to use the first option (SSL STRIP)?


Locked