On 14/06/2014 1:23 p.m., MrErr wrote: > Does this mean that dstdomain does not work with ssl-bump?
Yes and no. It works with CONNECT bumping in regular proxy traffic. It does not work on intercepted port 443 traffic reliably. > > My other reason for not using "ssl-bump server-first all" is that the kindle > fire stops working. I read that it was because of something called ssl > pinning. So i do need to get some kind of targeted bumping to happen. > HSTS probably. And yes those sites bumping does not work for. Amos
