[dns-operations] [EXT] Re: need recommendation for filtering outbound HTTPS
Grant Taylor
gtaylor at tnetconsulting.net
Sun May 12 16:03:33 UTC 2019
On 5/12/19 1:57 AM, Jacques Latour wrote:
> From an enterprise point of view (CIRA), we decrypt all outbound
> SSL/TLS and then created a rule to filter out http-req-headers =
> application/dns-message. We implemented this on our Palo FW. Seems to
> work.
Doesn't this require control of one of the TLS 1.3 endpoints such that
you can specify parameters so that your MitM inspection system can get
into the encryption stream?
I don't see how that's going to help in the scenario (as I understand
it) that Paul is describing.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190512/15683e9f/attachment.bin>
More information about the dns-operations
mailing list