  1. #1
    Newbie
    Join Date
    Nov 2020
    Location
    Southgate MI
    Posts
    1

    TLS 1.3 ephemeral keys

    I was unable to find a write up on how Untangle handles this so if someone has one that would be great.

    Since adding TLS 1.3 support I was looking for some technical details on how Perfect Forward Secrecy (PFS) is being handled by the SSL inspector. Does Untangle terminate the SSL connection established by the client and establish a new SSL connection to the server? I am assuming this is how it would work, so from a client's perspective, Untangle becomes the server and from the original TLS 1.3 server's perspective, Untangle would become the client. My concern would be, considering that Untangle would not just be inspecting the SSL traffic but terminating the connections, would this cause some performance by the higher resource requirements. Also, does Untangle 16.10 automatically disable the QUIC protocol when turning on the SSL inspector?

  2. #2
    Untangler
    Join Date
    Jan 2019
    Posts
    81


    For QUIC, there is an option in Web Filter for that purpose.
    http://wiki.untangle.com/index.php/W...#Block_Options

    The SSL Inspector also has an FAQ suggesting to do it with a Firewall or Filter Rule (but the above is easier if you have Web Filter enabled).
    http://wiki.untangle.com/index.php/SSL_Inspector_FAQs
