undefined | Better HN

0 pointsicebraining14y ago0 comments

Since it's HTTPS, those proxies can't see the traffic anyway, so as long as they used SSL on port 443, they could use any protocol on top.

0 comments

jodrellblank14y ago

They potentially can; commercial firewalls can man-in-the-middle HTTPS traffic with a locally signed and organization-computer-trusted SSL certificate.

icebrainingOP14y ago

Yes, you're right, in fact I found a few weeks ago that even Squid can do that.

skeletonjelly14y ago

Fiddler also: http://www.fiddler2.com/fiddler/help/httpsdecryption.asp

Great for debugging third party https stuff.

FaceKicker14y ago

How does that work? I thought all verification of certificates was done in the browser...

jevinskie14y ago

IT installs the corporate MITM certificate on all of their computers so the browsers accept them as valid.

latortuga14y ago

Would this still affect the iPhone 4S though? If I understand this all correctly, I think that corporate IT would have to install the self-signed root cert on your phone for Siri to be MITM'd. There's no reason for your phone to trust it otherwise.

j / k navigate · click thread line to collapse