
Here's something nasty. The firewall where I am working (provided by Palo Alto Networks) can decrypt HTTPS and other "secure" traffic passing through it. I believe it auto-negotiates down to TLS 1.1, at which point it can decrypt everything to plain text and can examine it to its heart's content.

They are supposed to whitelist financial addresses (such as banking details) but would you trust that to be happening?



That's sadly quite normal in corporate networks. It only works because on your computer you have the firewall's root CA installed, though. If you didn't, you would immediately be alerted to the man-in-the-middle attack the firewall is doing.
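
The dependence on the installed root CA described in the reply above can be reproduced offline with the `openssl` CLI. This is an added example, not part of the thread; the CA names, `www.example.test` and the trust store file names are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all names, keys and certificates are generated locally.
work=$(mktemp -d)

# make_ca NAME: self-signed root CA, written to $work/NAME.key and $work/NAME.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# issue_leaf CA LEAF: CA signs a certificate for www.example.test
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.crt" -CAkey "$work/$1.key" \
        -CAcreateserial -days 1 -out "$work/$2.crt" 2>/dev/null
}

# chain_ok STORE LEAF: exit 0 only if LEAF chains to a root in trust store STORE
chain_ok() {
    openssl verify -CAfile "$work/$1" "$work/$2.crt" >/dev/null 2>&1
}

# issuer_of LEAF: print the issuer, the field that reveals the interception
issuer_of() {
    openssl x509 -in "$work/$1.crt" -noout -issuer
}

make_ca "Public-Root"          # stands in for a browser-trusted public CA
make_ca "Corp-Firewall-Root"   # stands in for the firewall's inspection CA
issue_leaf "Public-Root" genuine             # what the real server presents
issue_leaf "Corp-Firewall-Root" intercepted  # what the firewall presents instead

cp "$work/Public-Root.crt" "$work/unmanaged.pem"   # machine without the corporate root
cat "$work/Public-Root.crt" "$work/Corp-Firewall-Root.crt" > "$work/managed.pem"

for store in unmanaged.pem managed.pem; do
    for leaf in genuine intercepted; do
        if chain_ok "$store" "$leaf"; then verdict=trusted; else verdict=REJECTED; fi
        echo "$store / $leaf: $verdict ($(issuer_of "$leaf"))"
    done
done
```

On the managed store both certificates validate, so the only visible sign of inspection is the issuer name on the certificate the client receives.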



