On 14/06/2014 1:23 p.m., MrErr wrote:
> Does this mean that dstdomain does not work with ssl-bump?
Yes and no. It works with CONNECT bumping in regular proxy traffic. It
does not work on intercepted port 443 traffic reliably.
>
> My other reason for not using "ssl-bump server-first all" is that the kindle
> fire stops working. I read that it was because of something called ssl
> pinning. So i do need to get some kind of targeted bumping to happen.
>
HSTS probably. And yes those sites bumping does not work for.
Amos
Received on Sat Jun 14 2014 - 03:10:35 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 14 2014 - 12:00:04 MDT