0
as per my knowledge, in SSL/TLS , only the source and destination machine can decrypt the message during a data communication . Then how a firewall like (Cyberoam) monitors the SSL Traffic, Like content filtering. Hows its possible?? did they use another ssl certificate between client and firewall?
Tibin
Posted 2016-03-05T06:12:50.253
Reputation: 164
Most of the time, the intermediary system intercepts the SSL handshake, injects its own certificate and proxies the flow. This kind of technique is transparent to both ends of the connection. – Frank Thomas – 2016-03-05T06:35:30.487
So, we use the certificate issued by the firewall. But how did the firewall intercept the traffic in ssl. Or is it happen at the time of ssl initiation.? Please explain in detail – Tibin – 2016-03-05T08:03:27.213
HTTPS uses the same well known verbs HTTP does, for connecting to a server at a logical level. SSL in particular makes use of the CONNECT verb, which is used to establish the SSL tunnel, and start a conversation through it. The firewall simply forges traffic to send to the remote server, and responds to you as though they were the remote server. at that point there are now two encrypted circuits, and the firewall has access to the plaintext data. https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling
– Frank Thomas – 2016-03-05T08:14:42.800