Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-04 Thread Chris Bagnall
On 4/11/17 11:41 pm, Jon Gerdes wrote:
> We all need to have a deep think about what https *really* *really* means.
> * The aim of SSL/TLS is to ensure confidentiality from one point to another

If I put up a website and I want to guarantee that the connection between my website and the end user is

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-04 Thread Jon Gerdes
Roberto

We all need to have a deep think about what https *really* *really* means.
* The aim of SSL/TLS is to ensure confidentiality from one point to another
* In a browser, there is a trust store of Certification Authorities and an SSL/TLS certificate that is signed by a CA is trusted if

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-03 Thread Rainer Duffner
> On 03.11.2017 at 14:40, Richard A. Relph wrote:
>
> I’ve heard Google will be removing certificate pinning from Chrome soon…

Yeah, for public sites. They’ll still make sure nobody can sign anything *.google.*, have users import a private root certificate and then

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-03 Thread Yaroslav Samoylenko
Public or private CA, the issue will persist.

On Nov 3, 2017 8:39 AM, "Roberto Carna" wrote:
> OK Jon, thanks for your time and explanation.
>
> So a last question please: now I put in Squid of pfSense a private CA certificate...is it the same if I put a public CA

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-03 Thread Richard A. Relph
I’ve heard Google will be removing certificate pinning from Chrome soon...

> On Nov 3, 2017, at 8:26 AM, Yaroslav Samoylenko wrote:
>
> Chrome has a Certificate Pinning feature. This feature takes the Google certs and checks their fingerprints against the good known.

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-03 Thread Yaroslav Samoylenko
Chrome has a Certificate Pinning feature. This feature takes the Google certs and checks their fingerprints against the good known.

AFAIK this is an issue with all HTTPS proxies from at least BlueCoat, Cisco, SonicWall and Checkpoint. The suggested solution is to bypass SSL filtering those

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-03 Thread Roberto Carna
OK Jon, thanks for your time and explanation.

So a last question please: now I put in Squid of pfSense a private CA certificate...is it the same if I put a public CA certificate? Will I experience the same HTTPS behaviour related to Chrome and Firefox?

Thanks a lot again.

ROBERTO

2017-11-02

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-02 Thread Jon Gerdes
Roberto

NFF: Product working as designed

When you use splice, you are doing a Man In The Middle (MitM) attack on your own users. Chrome is a Google product and they have enabled https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning and other things to detect this sort of thing. This could be

[pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-02 Thread Roberto Carna
People,

I have pfSense 2.4 with Squid and Squidguard. I enable HTTP transparent proxy and SSL filtering with Splice All.

From our Android cell phones, if we use Firefox TO NAVIGATE everything is OK, but if we use Chrome we can't go to Google and some other HTTPS sites. We reviewed firewall