使用代理拦截 SSL 流量的 Web 保护产品如何与实施 SSL 固定的站点一起使用?
How do the web protection products which intercept SSL traffic using proxy, work with sites implementing SSL pinning?
使用代理拦截 SSL 流量的 Web 保护产品如何与实施 SSL 固定的网站协同工作?
拦截 SSL 流量的 Web 保护产品示例 -
Blue Coat 代理 SG
Sophos 网关
McAfee Web 网关
https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning :
Firefox and Chrome disable Pin Validation for Pinned Hosts whose
validated certificate chain terminates at a user-defined trust anchor
(rather than a built-in trust anchor). This means that for users who
imported custom root certificates all pinning violations are ignored.
换句话说,对于那种拦截,SSL pinning 是禁用的,因为用户同意拦截(通过安装软件/证书)
使用代理拦截 SSL 流量的 Web 保护产品如何与实施 SSL 固定的网站协同工作?
拦截 SSL 流量的 Web 保护产品示例 - Blue Coat 代理 SG Sophos 网关 McAfee Web 网关
https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning :
Firefox and Chrome disable Pin Validation for Pinned Hosts whose validated certificate chain terminates at a user-defined trust anchor (rather than a built-in trust anchor). This means that for users who imported custom root certificates all pinning violations are ignored.
换句话说,对于那种拦截,SSL pinning 是禁用的,因为用户同意拦截(通过安装软件/证书)