  1. #1

    TLS 1.3 ephemeral keys

    I was unable to find a write-up on how Untangle handles this, so if someone has one that would be great.

    Since adding TLS 1.3 support I was looking for some technical details on how Perfect Forward Secrecy (PFS) is being handled by the SSL inspector. Does Untangle terminate the SSL connection established by the client and establish a new SSL connection to the server? I am assuming this is how it would work, so from a client's perspective, Untangle becomes the server, and from the original TLS 1.3 server's perspective, Untangle would become the client. My concern would be: considering that Untangle would not just be inspecting the SSL traffic but terminating the connections, would this cause some performance impact from the higher resource requirements? Also, does Untangle 16.10 automatically disable the QUIC protocol when turning on the SSL inspector?

  2. #2

    For QUIC, there is an option in Web Filter for that purpose.

    The SSL Inspector also has an FAQ suggesting to do it with a Firewall or Filter Rule (but the above is easier if you have Web Filter enabled).