Don't know if anyone-else has read mnemonic's blog post regarding SNICat.

How the security features in state-of-the-art TLS inspection solutions can be exploited for covert data exfiltration
Read the full blog post here:
https://www.mnemonic.no/blog/introducing-snicat/

It would be fun to see how Untangle NGFW handles this.