Don't know if anyone-else has read mnemonic's blog post regarding SNICat.
Read the full blog post here:How the security features in state-of-the-art TLS inspection solutions can be exploited for covert data exfiltration
https://www.mnemonic.no/blog/introducing-snicat/
It would be fun to see how Untangle NGFW handles this.