SSL/TLS Inspection, or HTTPS Interception, is the process of intercepting SSL/TLS-encrypted internet communication between the client and the server. Interception works in both directions (sender to receiver and receiver to sender). It's the same technique used in man-in-the-middle (MiTM) attacks, which are carried out without the consent of both entities.
Now at first blush, it may seem that SSL Inspection undermines the purpose that HTTPS/SSL was created for. However, it’s not as simple as that.
We all know that SSL/TLS encryption helps us protect our sensitive information (such as passwords and credit card details). Every single bit of data is turned into an indecipherable format and thus it protects us from eavesdropping and data tampering.
However, it’s not all sunshine and rainbows.
Along with your legitimate information, malicious content could also be hidden in the encrypted traffic. And because it's encrypted, it goes unnoticed by common security mechanisms, meaning it could do the damage that it was intended to do. SSL-based malware attacks have become common these days, with HTTPS being utilized in around 37% of malware.
SSL Inspection is *intended to inspect* and filter out potentially dangerous content such as malware. This kind of inspection or interception is called Full SSL Inspection or Deep SSL Inspection. It allows you to do antivirus scanning, web filtering, email filtering, etc. Interception and inspection are done by an interception device sitting in the middle, often referred to as a ‘middlebox.’
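A middlebox is visible from the client side, because the certificate the client receives is no longer the one the server sent. The sketch below is an added example, not code from the original page: it compares the leaf certificate seen on the current network with a fingerprint recorded from a path known to be uninspected. It assumes the middlebox re-signs server certificates with its own CA; the CA name, sample bytes and function names are constructed for illustration.

```python
import hashlib
import socket
import ssl

# Assumption: common names of the organisation's own inspection CAs (constructed value).
INSPECTION_CAS = {"Example Corp TLS Inspection CA"}


def flatten_name(name):
    """Turn the nested RDN tuples returned by getpeercert() into a flat dict."""
    return {key: value for rdn in name for key, value in rdn}


def observe(host, port=443, timeout=5.0):
    """Return (SHA-256 of the leaf certificate, issuer dict) as seen from this network."""
    ctx = ssl.create_default_context()  # validation stays on; an inspection CA must be trusted locally
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            issuer = flatten_name(tls.getpeercert()["issuer"])
    return hashlib.sha256(der).hexdigest(), issuer


def classify(observed_fp, issuer, reference_fp, inspection_cas=INSPECTION_CAS):
    """Compare what the client saw with a fingerprint taken from an uninspected path."""
    if observed_fp.lower() == reference_fp.lower():
        return "direct"        # same leaf certificate: nothing re-signed the session
    if issuer.get("commonName") in inspection_cas:
        return "inspected"     # re-signed by a CA the organisation operates
    # Different leaf and unknown issuer: certificate rotation or a CDN edge can
    # also cause this, so treat it as a lead to investigate, not as proof.
    return "unexpected"


# Constructed sample data; the issuer layout mirrors ssl.SSLSocket.getpeercert().
SAMPLE_ORIGIN_DER = b"constructed-origin-certificate"
SAMPLE_PROXY_DER = b"constructed-middlebox-certificate"
SAMPLE_PROXY_ISSUER = ((("organizationName", "Example Corp"),),
                       (("commonName", "Example Corp TLS Inspection CA"),))

if __name__ == "__main__":
    reference = hashlib.sha256(SAMPLE_ORIGIN_DER).hexdigest()
    seen = hashlib.sha256(SAMPLE_PROXY_DER).hexdigest()
    print(classify(seen, flatten_name(SAMPLE_PROXY_ISSUER), reference))
```

On a live network, pass the result of `observe()` to `classify()` together with a reference fingerprint collected out of band.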