Hello,

I have been going through something very interesting recently that relates to this. We have a customer who Google is flagging for "abusive" search behavior. Because Google now forces all search traffic to be SSL, it has made attempting to track down the supposed "bad traffic" extremely difficult. We have contacted Google through several channels and no one at Google who we've worked with is able to provide us any factual examples of what they are seeing, and because of the traffic being encrypted all our usual capture and analysis tools have been fairly useless. I'm sure this will be more and more prevalent, but it's really frustrating when the vendor who forces SSL cannot or will not provide actual documentation that can help us investigate.

So far the only ideas we've come up with are to play some tricks with DNS overrides and force the users to non-SSL search so we can inspect HTTP traffic, or we were also looking into doing something like using SQUID MITM SSL to allow us to at least inspect the traffic there. Overall we're not thrilled about the other side effects / implications that can be caused by these workarounds, and in this situation our customer, who happens to be a customer of several Google apps, is very disappointed that they cannot be more cooperative.

I am very interested to hear if others have run into similar situations and how it was handled, etc. I am sure we will see this type of issue again with the number of hosted and SaaS solutions growing exponentially, so we are looking into various options so that in the future we have better accommodations to handle this situation with or without cooperation on the hosted side.

chris

On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123@gmail.com> wrote:
Hi Everyone,
I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? Personal use? Enterprise?
It looks like Websense might do decryption (http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does some sort of session hijack to redirect to non-SSL (at least for Google) (https://twitter.com/CovenantEyes/status/451382865914105856).
Thoughts on having a product that decrypts SSL traffic internally vs one that doesn't allow SSL to start with?
-Grant