Re: deep packet inspection over no TLS/SSL traffic

2022-05-08 Thread Riccardo Giuntoli
It could be and I already done using rdomains, pair and pf match with tag and pass with route-to. What I just start to use (yesterday after writing this email) is in the head of the wireless internet service provider, one application of my network, is using nDPI iptables module in mangle PREROUTIN

Re: deep packet inspection over no TLS/SSL traffic

2022-05-08 Thread Fabio Martins
On Sunday, May 8, 2022, Riccardo Giuntoli wrote: > Hello there, I've got a little wireless service provider where the edge > connect to different VPS providers in many geographic locations. One of > them, based in US, is applying DMCA doing DPI above no encrypted traffic. > > Now all my VPS are O

Re: OpenBSD ftp and libtls: how to use session resumption with -S

2022-05-08 Thread Marc Espie
On Sun, May 08, 2022 at 10:42:52AM +0200, Hiltjo Posthuma wrote: > On Sat, May 07, 2022 at 10:13:40PM +0200, Marc Espie wrote: > > On Fri, May 06, 2022 at 08:13:42AM -, Stuart Henderson wrote: > > > On 2022-05-06, Theo Buehler wrote: > > > > While we could readily make libssl fall back to the

Re: OpenBSD ftp and libtls: how to use session resumption with -S

2022-05-08 Thread Fabio Martins
On Sunday, May 8, 2022, Hiltjo Posthuma wrote: > > > The actual HTTP data sent (not just the package data itself) is not > immediately > visible, filterable or changed by a MiTM. They also cannot easily see which > packages are installed or filter errata's, right? > > -- > Kind regards, > Hiltjo

Re: HP T430 "Thin Client": Won't sysupgrade without HDMI monitor attached.

2022-05-08 Thread Nick Holland
On 5/7/22 5:40 PM, Mike Larkin wrote: On Fri, May 06, 2022 at 11:39:51PM -0400, Nick Holland wrote: ... For giggles, I did a "gop" and a "video" at the boot> prompt, and both came back with no response, just another boot> prompt. just 'gop' amd 'video'? These should be "machine gop" and "ma

deep packet inspection over no TLS/SSL traffic

2022-05-08 Thread Riccardo Giuntoli
Hello there, I've got a little wireless service provider where the edge connect to different VPS providers in many geographic locations. One of them, based in US, is applying DMCA doing DPI above no encrypted traffic. Now all my VPS are OpenBSD I want to apply the same policy to not incur in servi

Re: OpenBSD ftp and libtls: how to use session resumption with -S

2022-05-08 Thread Hiltjo Posthuma
On Sat, May 07, 2022 at 10:13:40PM +0200, Marc Espie wrote: > On Fri, May 06, 2022 at 08:13:42AM -, Stuart Henderson wrote: > > On 2022-05-06, Theo Buehler wrote: > > > While we could readily make libssl fall back to the legacy stack if > > > SSL_OP_NO_TICKET is disabled, I don't think this op