Most of my users have been exempted from https inspection because of a series of problems. I am trying to decide whether to turn it back on. I would like to minimize the risk of doing so, by analyzing compatibility in advance.
I can parse my lweb filter logs to obtain a list of several thousand FQDNs that we have accessed using https without inspection. I would like to feed the list into a shell script that tests whether UTM can connect successfully or not, using its version of OpenSSL and its ciphersuite configuration. Successful connections would go to one log file and failed connections would go to another. I could use the reject list to build an exception list before activating the https inspection feature, rather than enabling the feature and waiting for people to complain.
I have become familiar with the "openssl s_client -connect host:port" command, but have not figured out how to activate it in a script. After a successful connection, it waits for a command, so I have to manually force it to disconnect. I have not played with wget at all.
Can anyone suggest some script magic to get this done?
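The script below is an added example written for this thread, not the poster's own script and not part of the UTM. It assumes the FQDN list extracted from the web filter logs is in a file with one name per line (hosts.txt), that everything is probed on port 443, and that a coreutils-style `timeout` command exists to bound hung handshakes. OPENSSL, CIPHERS and CAFILE are optional knobs for pointing it at the UTM's own openssl binary, its configured cipher list and its CA bundle.

```shell
#!/bin/sh
# tls-probe.sh -- added example, not the poster's script.  Probes each FQDN
# from a list with the local openssl binary and splits the results into a
# "reachable" log and a "rejected" log.
# Assumptions not stated in the post: one FQDN per line in the list file,
# port 443, and a coreutils-style "timeout" command to bound hung handshakes.

OPENSSL=${OPENSSL:-openssl}       # point this at the UTM's own openssl if needed
PORT=${PORT:-443}
TIMEOUT=${TIMEOUT:-10}            # seconds allowed per host
CIPHERS=${CIPHERS:-}              # e.g. the UTM's configured cipher list
CAFILE=${CAFILE:-}                # CA bundle to verify against; default is openssl's
OK_LOG=${OK_LOG:-reachable.log}
FAIL_LOG=${FAIL_LOG:-rejected.log}

# tls_verdict: read s_client output on stdin and print one verdict:
#   "ok"             handshake completed and the certificate chain verified
#   "<code> (<why>)" handshake completed but verification failed, e.g.
#                    "18 (self signed certificate)"
#   "no-handshake"   no "Verify return code" line at all (connection refused,
#                    timed out, not TLS, or the handshake itself failed)
tls_verdict() {
    line=$(grep 'Verify return code:' | tail -n 1)
    case "$line" in
        '')                              echo "no-handshake" ;;
        *'Verify return code: 0 (ok)'*)  echo "ok" ;;
        *)                               printf '%s\n' "$line" | sed 's/.*Verify return code: //' ;;
    esac
}

# probe_host: one non-interactive handshake against $1:$PORT.
# Redirecting stdin from /dev/null is what makes s_client exit after the
# handshake instead of sitting there waiting for typed input.
# -servername sends SNI; without it many virtual-hosted sites present the
# wrong certificate and would show up here as false rejects.
probe_host() {
    host=$1
    set -- s_client -connect "$host:$PORT" -servername "$host"
    if [ -n "$CIPHERS" ]; then set -- "$@" -cipher "$CIPHERS"; fi
    if [ -n "$CAFILE" ]; then set -- "$@" -CAfile "$CAFILE"; fi
    timeout "$TIMEOUT" "$OPENSSL" "$@" </dev/null 2>&1 | tls_verdict
}

# scan_list: probe every FQDN in file $1, writing reachable hosts to
# $OK_LOG and rejected hosts (with the reason) to $FAIL_LOG.
scan_list() {
    list=$1
    : > "$OK_LOG"
    : > "$FAIL_LOG"
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        verdict=$(probe_host "$host")
        if [ "$verdict" = "ok" ]; then
            printf '%s\n' "$host" >> "$OK_LOG"
        else
            printf '%s %s\n' "$host" "$verdict" >> "$FAIL_LOG"
        fi
    done < "$list"
}

# Usage: sh tls-probe.sh hosts.txt   (then build the exception list from rejected.log)
if [ -n "${1:-}" ]; then
    scan_list "$1"
fi
```

The `</dev/null` redirection is the answer to the "waits for a command" problem: s_client reads stdin after the handshake, so end-of-file makes it close the connection and exit on its own. The rejected log records the OpenSSL verify code for each failure, which is the same decision the proxy has to make when it validates the server certificate, so self-signed, expired and wrong-hostname sites are listed with their reason rather than just as failures. Hosts that land there as "no-handshake" are worth re-running once, since a timeout may just be a transient outage. Two things this probe cannot catch: sites that require a client certificate, and applications that pin the server certificate; both pass a plain s_client check yet still break once the proxy re-signs the certificate, so they need exceptions too.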