Howdy: My company uses WebSense with MITM SSL intercept and it works, well quite badly. Some tools detect that the certs are forged and complain bitterly or just don't work at all.
Honesty is the best policy - I believe that if I configured systems to use a SOCKS proxy that I could solve some problems in that the apps would know they were being proxied but I'm having difficulty finding material that answers my questions.
If I configured WebSense to support SOCKS5, configured IE/FF/Chrome to use a SOCKS proxy, and then added the proxy cert to the trusted list, would these clients no longer try to verify a remote site's cert chain when they accessed a site? Since they trust the proxy and know they are using a proxy, would they just trust that the proxy server is performing adequate validation?
My understanding is that TLS 1.3 will break this cheesy MITM technique anyway, I'd like to solve the problem ahead of time. Thanks!
0 Answers