Thank you all.

On Tue 07 Aug 2012 03:30:37 AM ICT, Daniel Golle wrote:

On 06/08/12 22:57, Felix Fietkau wrote:
Do you have any solution?
There really is no good way to filter HTTPS traffic. It requires
intercepting the SSL connection and doing a man-in-the-middle-attack on
it, which requires a certificate (otherwise it'll trigger nasty warnings
on the client side). You could have automatic whitelisting for IPs
based on DNS requests, but that's complex and probably unreliable.
What about intercepting SNI?
All modern browsers announce the URL they are requesting in the initial phase of
the SSL handshake and before the connection is authenticated [1].
Anyway, just a thought which came up, not sure if it's actually possible after
all, but maybe worth the research.

1: http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

--
Regards,
Quân

Y!IM: ng_hquan_vn