by meindnoch 374 days ago
>Also shoving every protocol under the sun into HTTPS just feels wrong. I get why it's happening (too many middleware boxes and ISPs think internet == web).

But the HTTP part of HTTPS is invisible to middleboxes. They see an opaque TLS stream.


Usually.

Some middleboxes inspect the TLS session setup (e.g., SNI sniffing) and in some corporate environments they even decrypt the traffic (this relies on the endpoints having a root certificate installed that allows this functionality, which is something you'd see in a corporate environment).
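To make the "SNI sniffing" point concrete: the TLS ClientHello, including the server_name extension, is sent in cleartext before any key exchange, so a passive middlebox can read the hostname without any root certificate. The script below is an added example, not code from this thread; it builds a minimal, hand-constructed TLS 1.2-style ClientHello (not a real capture) carrying an SNI extension and then parses it the way a middlebox would. Record layout follows RFC 5246/6066; the builder deliberately omits most real-client fields to stay short.

```python
"""Build a minimal TLS ClientHello and extract the SNI from it, as a passive
middlebox would.  Added example for illustration; the ClientHello bytes are
constructed here, not captured from a real client."""
import struct


def _u16(n: int) -> bytes:
    return struct.pack("!H", n)


def build_client_hello(hostname):
    """Construct a TLS record containing a ClientHello.

    If hostname is None, the extensions block is omitted entirely, modelling a
    client that sends no SNI.  Constructed sample input, not a capture."""
    body = (
        b"\x03\x03"            # client_version = TLS 1.2
        + b"\x00" * 32         # random (zeros; fine for a parsing demo)
        + b"\x00"              # session_id length = 0
        + _u16(2) + b"\x13\x01"  # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: null only
    )
    if hostname is not None:
        host = hostname.encode("ascii")
        server_name = b"\x00" + _u16(len(host)) + host          # name_type 0 = host_name
        sni_ext = _u16(0x0000) + _u16(len(server_name) + 2) \
            + _u16(len(server_name)) + server_name              # extension type 0 = server_name
        body += _u16(len(sni_ext)) + sni_ext
    # Handshake header: type 1 (ClientHello) + 3-byte length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type 0x16 (handshake), legacy version 3.1, length
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake


def sniff_sni(record: bytes):
    """Return the SNI host_name from a ClientHello record, or None.

    Returns None for non-handshake records (e.g. application data, which is
    where a DoH query would actually live), for ClientHellos without SNI, and
    for truncated input."""
    try:
        if len(record) < 5 or record[0] != 0x16:
            return None                               # not a handshake record
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:
            return None                               # not a ClientHello
        pos = 4 + 2 + 32                              # skip header, version, random
        pos += 1 + hs[pos]                            # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hs[pos]                            # compression_methods
        if pos + 2 > len(hs):
            return None                               # no extensions at all
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            edata = hs[pos:pos + elen]
            pos += elen
            if etype != 0x0000:
                continue
            # server_name extension: 2-byte list length, then (type, len, name) entries
            lpos = 2
            while lpos + 3 <= len(edata):
                ntype = edata[lpos]
                nlen = struct.unpack("!H", edata[lpos + 1:lpos + 3])[0]
                name = edata[lpos + 3:lpos + 3 + nlen]
                if ntype == 0:
                    return name.decode("ascii", "replace")
                lpos += 3 + nlen
        return None
    except (IndexError, struct.error):
        return None                                   # truncated or malformed


if __name__ == "__main__":
    hello = build_client_hello("dns.google")
    print("middlebox sees SNI:", sniff_sni(hello))
    print("no-SNI ClientHello:", sniff_sni(build_client_hello(None)))
    print("application data record:", sniff_sni(b"\x17\x03\x03\x00\x05hello"))
```

The first call shows what a passive box learns from a DoH connection (the resolver's hostname, not the queried names); the last shows that once the handshake is done, the records carrying the actual DNS queries are opaque unless the box holds a trusted CA and terminates the session itself.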

Ok, but at that point there's zero benefit to DoH anyway.
There might be: even if my employer can decrypt traffic, there's no reason for either of my scumbag internet service providers to be able to.