Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Everything other than 80 and 443 is blocked by default, anything-over-https is just a matter of time. With a properly configured TLS MITM proxy only certificate pinning will prevent snooping, but it’ll also prevent connectivity, so you might call it a win for security/privacy, or a loss for the open internet if it’s you who needs to VPN to a safe network from within such an environment…


A port number does not force a certain protocol. You can run everything you want over port 443.

And yeah I also think it's a really bad idea to run everything over https. But I don't think it'll happen.


You can. The client side enterprise proxy/firewall really doesn’t want you to, though. Just a fact of life.


Yeah I wasn't really thinking of enterprise in this whole discussion though. After all, it's about pi-hole.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: