SSL Inspection Protocol Overview
The SSL Inspection Protocol can be described using the following example:
- When the user wants to search using the Chrome web browser, Chrome by default uses the https://www.google.com secure web site.
- When the user types in their search and presses Enter, the web browser makes a special HTTP request to the proxy: CONNECT www.google.com:443.
- Normally, the proxy would connect to the server www.google.com at port 443, then it would shuttle encrypted traffic back and forth between the web browser and the web server.
- In this case, the proxy is unable to see what the user is searching for or what results are returned. This prevents the Scan Ahead and Safe Search features from working, and prevents detailed logging and content categorization.
- With SSL Inspection, instead of just connecting the web browser to www.google.com none the wiser, the proxy gives the web browser permission, generates an SSL certificate for www.google.com on the fly, and negotiates TLS/SSL with the client using this certificate.
- The web browser thinks it has a secure connection to www.google.com over port 443, after which the proxy makes an SSL connection to the server www.google.com over port 443, negotiating the connection with Google's certificate.
- At this point, www.google.com thinks it is being securely browsed by a web browser. From here on out, the proxy sees unencrypted traffic going back and forth with each request, so Scan Ahead and Safe Search work, and detailed logging and content categorization are available.
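
The CONNECT step described above, as an added example (not code from the product): it parses the browser's CONNECT request and chooses between plain tunneling and inspection. The bypass list, the `bank.example` domain and all function names are assumptions made for illustration.

```python
# Added example (not product code): how a forward proxy handles CONNECT.
from dataclasses import dataclass

# Constructed sample: what the browser sends to the proxy for an HTTPS site.
SAMPLE = b"CONNECT www.google.com:443 HTTP/1.1\r\nHost: www.google.com:443\r\n\r\n"

# Hypothetical policy (assumption): domains the proxy tunnels without decrypting.
BYPASS_DOMAINS = ("bank.example",)

OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
BAD = b"HTTP/1.1 400 Bad Request\r\n\r\n"

@dataclass
class Decision:
    host: str
    port: int
    mode: str     # "inspect", "tunnel" or "reject"
    reply: bytes  # bytes sent back to the browser before any TLS starts

def parse_connect(head):
    """Return (host, port) from a 'CONNECT host:port HTTP/1.x' request head."""
    line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, version = line.split(" ")
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    # rpartition splits on the last colon, so a bracketed IPv6 literal survives.
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("CONNECT target must be host:port")
    return host.strip("[]").lower(), int(port)

def decide(head):
    """Choose how the proxy treats the connection that follows the CONNECT."""
    try:
        host, port = parse_connect(head)
    except ValueError:  # malformed line, non-ASCII bytes, or a bad target
        return Decision("", 0, "reject", BAD)
    bypass = any(host == d or host.endswith("." + d) for d in BYPASS_DOMAINS)
    # Either way the browser gets the same 200. In "tunnel" mode the proxy then
    # relays ciphertext; in "inspect" mode it answers the TLS handshake itself
    # with a certificate generated for `host`, and opens its own TLS
    # connection to the real server.
    return Decision(host, port, "tunnel" if bypass else "inspect", OK)

if __name__ == "__main__":
    print(decide(SAMPLE))
```

Because the reply to CONNECT is identical in both modes, a client can only tell inspection from tunneling by looking at the certificate it is shown in the TLS handshake that follows.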