"
Recently some researches tested several applicanes for TLS interception. Among them is also opnsense (they use "opensense"). It's a fairly lengthy, but interesting publication:
https://dl.acm.org/doi/10.1145/3372802
The Sorry State of TLS Security in Enterprise Interception Appliances
There were also some issues with opnsense. Maybe they are already fixed or the researches already have contacted the team?
If this is not the case, do you know any config options for squid to mitigate these issues?
https://dl.acm.org/doi/10.1145/3372802
The Sorry State of TLS Security in Enterprise Interception Appliances
There were also some issues with opnsense. Maybe they are already fixed or the researches already have contacted the team?
If this is not the case, do you know any config options for squid to mitigate these issues?
