1

From what I know, with https the packet is totally encrypted except its destination.

Does that mean that my corporate firewall and the guys working there will not be able to read my https packet in any other way?

If they can extract some info out from it, up to which extent would that be?

kwagjj
  • 133
  • 4
  • Related: https://security.stackexchange.com/q/186238/165253 – forest Aug 15 '18 at 02:35
  • Firewall are never mean to sniff packet. Only a proxy with enough CPU to carry out such task, including modify spoofing as destination server and provide an internal certificate(usually not trusted by browser) to trick the user. – mootmoot Aug 15 '18 at 14:34

1 Answers1

2

They will be able to see the source and destination IP address and port, as well as the domain you are connecting to (for example, security.stackexchange.com). They will also be able to see the size of each packet. However, as long as they are not actively attacking the connection (e.g. with a root certificate you have trusted which allows them to do interception) and as long as TLS is properly implemented, they will not be able to read the actual contents of the traffic. This includes the path which is being accessed (for example /q/191576/165253).

I recommend you read How does SSL/TLS work? to familiarize yourself with the subject.

Glorfindel
  • 2,263
  • 6
  • 19
  • 30
forest
  • 65,613
  • 20
  • 208
  • 262
  • 3
    "with a root certificate you have trusted" - using a company-controlled client this becomes "with a root certificate the IT-department installed on your client (probably without you noticing)". – piet.t Aug 15 '18 at 13:28
  • 1
    `as long as they are not actively attacking the connection (e.g. with a root certificate you have trusted which allows them to do interception)` which of course they totally did. – gd1 Mar 10 '21 at 14:09