Re: [opensuse] Re: opensuse mailing list site ridiculousness (TLS on Repositories)
On 06/17/2018 09:37 AM, L A Walsh wrote:
> Lew Wolfgang wrote:
>> The IPS did deep-packet inspection only on http, it
>> wasn't a MITM decrypter
> ---
>     How do they do deep-packet inspection if they
> can't peek inside the encrypted stream?  I can't say
> for certain, but I always assumed deep packet inspection implied some sort of decrypting.

The IPS didn't do deep-packet inspection of https, which is
why my problem would have gone away if the repos were https.
The IPS deep-packet inspected only the unencrypted sessions.

Note that I've not been involved with the IPS there for years,
but to the best of my knowledge they still don't do MITM https
stream unpacking at this time.

BTW, I think it's possible to detect enterprise-level MITM decryption,
but don't know the details.  I vaguely remember something about
certificate pinning.  Any thoughts?  I haven't googled this yet...

Regards,
Lew
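
The certificate-pinning check mentioned in the message above, as an added example that is not part of the original post: it compares the leaf certificate a client is shown against a fingerprint recorded out of band. The function names, the pin set and the sample bytes (constructed stand-ins, not real certificates) are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER certificates (not real certificates).
GENUINE_LEAF = b"constructed-DER-of-the-real-server-leaf"
PROXY_LEAF = b"constructed-DER-of-a-leaf-reissued-by-a-proxy-CA"


def fingerprint(der_cert):
    """SHA-256 over the DER-encoded leaf certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# Pins are recorded out of band, from a network known not to intercept.
PINS = {fingerprint(GENUINE_LEAF)}


def classify(der_cert, pins, chain_trusted):
    """Compare the leaf this client was shown against the recorded pins."""
    seen = fingerprint(der_cert)
    if any(hmac.compare_digest(seen, p.lower()) for p in pins):
        return "pinned"
    # Different leaf that still validates locally: typical of an interception
    # CA installed in the client's trust store (or of a legitimate renewal).
    return "substituted-trusted" if chain_trusted else "substituted-untrusted"


def fetch_leaf(host, port=443, timeout=5.0):
    """Return (leaf DER, chain_trusted) as presented to this machine."""
    ctx = ssl.create_default_context()
    for trusted in (True, False):
        if not trusted:
            # Observation only: no application data is sent on this socket.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    return tls.getpeercert(binary_form=True), trusted
        except ssl.SSLCertVerificationError:
            continue
    raise ConnectionError("no certificate obtained from %s:%d" % (host, port))
```

On a live host, pass the two values returned by `fetch_leaf()` to `classify()` together with the pin set.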

