My college is forcing me to install their SSL certificate (opens in new tab)

(security.stackexchange.com)

26 pointsmikegirouard10y ago2 comments

2 comments

One day, many networks will simply drop TLS connections that cannot be decrypted and inspected on the fly. Outbound SSH and general application packet data that has high entropy will be dropped too.

These certs are used to terminate TLS connections at the network edge, then some device makes the requests out on behalf of the clients. Decrypt, inspect, pass back and forth (only if it is authorized).

This is done in the name of 'security'. The companies that sell these devices assert that is makes us all safer.

mmebane10y ago

> then some device makes the requests out on behalf of the clients.

Well, that, or horribly mangles them. My employer uses Blue Coat ProxySG, and browsing Wikipedia in Chrome has been impossible for a few months. [1] Before that, it was anything which prioritized ECDHE ciphers and used Fallback SCSV, like the Mozilla Developer Network site. It's a pain in the butt.

[1]: https://code.google.com/p/chromium/issues/detail?id=511976#c...

j / k navigate · click thread line to collapse