On 2023-12-09 04:02, Claudio Jeker wrote:


Don't do it. This "TLS inspection" mode is broken and it is close to
impossible to fix it. The way the MITM cert is built is not smart enough
and does not consider many special cases like SAN certs and OCSP.
It works for simple things but does not work as a generic SSL interceptor.


Hi Claudio and list,

Ah, I was experimenting with this this week and couldn't understand why I was getting similar errors.

I'd still like TLS inspection on one of my routers, and while I usually try to stick with the tools that ship with each OpenBSD install, I was wondering if anyone could recommend any third-party software with a good security track record?

I believe nginx can operate as a reverse proxy / application layer gateway ... can it also do TLS inspection for user traffic?

Thanks,

- J
