On 4/11/17 11:41 pm, Jon Gerdes wrote:
We all need to have a deep think about what https *really* *really*
means.
* The aim of SSL/TLS is to ensure confidentiality from one point to
another
If I put up a website and I want to guarantee that the connection
between my website and the end user is se
Roberto
We all need to have a deep think about what https *really* *really*
means.
* The aim of SSL/TLS is to ensure confidentiality from one point to
another
* In a browser, there is a trust store of Certification Authorities and
an SSL/TLS certificate that is signed by a CA is trusted if sig
> Am 03.11.2017 um 14:40 schrieb Richard A. Relph :
>
> I’ve heard Google will be removing certificate pinning from Chrome soon…
>
Yeah, for public sites. They’ll still make sure nobody can sign anything
*.google.*, have users import a private root certificate and then sniff
connections to t
Public or private CA, the issue will persist.
On Nov 3, 2017 8:39 AM, "Roberto Carna" wrote:
> OK Jon, thanks for your time and explanation.
>
> So a last question please: now I put in Squid of pfSense a private CA
> certificate...is it the same if I put a public CA certificate? Will I
> experien
I’ve heard Google will be removing certificate pinning from Chrome soon...
> On Nov 3, 2017, at 8:26 AM, Yaroslav Samoylenko wrote:
>
> Chrome has a Certificate Pinning feature. This feature takes the Google
> certs and checks their fingerprints against the good known.
>
> AFAIK this is an is
Chrome has a Certificate Pinning feature. This feature takes the Google
certs and checks their fingerprints against the good known.
AFAIK this is an issue with all HTTPS proxies from at least BlueCoat,
Cisco, SonicWall and Checkpoint.
The suggested solution is to bypass SSL filtering those site
OK Jon, thanks for your time and explanation.
So a last question please: now I put in Squid of pfSense a private CA
certificate...is it the same if I put a public CA certificate? Will I
experience the same HTTPS behaviour related to Chrome and Firefox?
Thanks a lot again.
ROBERTO
2017-11-02 20:4
Roberto
NFF: Product working as designed
When you use splice, you are doing a Man In The Middle (MitM) attack on
your own users. Chrome is a Google product and they have enabled
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning and other things to
detect this sort of thing.
This could be s
People, I have pfSense 2.4 with Squid and Squidguard.
I enable HTTP transparent proxy and SSL filtering with Splice All.
From our Android cell phones, if we use Firefox TO NAVIGATE everything
is OK, but if we use Chrome we can't go to Google and some other HTTPS
sites.
We reviewed firewall rule