
My college is forcing me to install their SSL certificate - mikegirouard
http://security.stackexchange.com/questions/104576/my-college-is-forcing-me-to-install-their-ssl-certificate-how-to-protect-my-pri
======
w8rbt
One day, many networks will simply drop TLS connections that cannot be
decrypted and inspected on the fly. Outbound SSH and general application
packet data that has high entropy will be dropped too.

These certs are used to terminate TLS connections at the network edge, then
some device makes the requests out on behalf of the clients. Decrypt, inspect,
pass back and forth (only if it is authorized).

This is done in the name of 'security'. The companies that sell these devices
assert that it makes us all safer.

~~~
mmebane
> then some device makes the requests out on behalf of the clients.

Well, that, or horribly mangles them. My employer uses Blue Coat ProxySG, and
browsing Wikipedia in Chrome has been impossible for a few months. [1] Before
that, it was anything which prioritized ECDHE ciphers and used Fallback SCSV,
like the Mozilla Developer Network site. It's a pain in the butt.

[1]: https://code.google.com/p/chromium/issues/detail?id=511976#c26

