Follow

Why can deskMate not connect using a proxy with HTTPS content inspection

As real remote desktop is a kind of a real time application deskMate depends on a very low latency connection. The transmission time between our servers and the client is even more critical than the bandwith.

To combine a flexible realtime protocol with the ability to be forwarded by socket or proxy servers we invented our deskMate application protocol.

It is basically designed like the SRTP (secure realtime protocol) but it uses TCP instead of UDP for its transport. We are using a lot of improvements to make our protocol as flexible as SRTP over UDP.

However this protocol is not compatible to the common TLS even as we start every connection talking TLS. As soon as our connection is set up we are switching to our own protocol.

This provides a lot of benefits (we are not affected by bugs like gotofail or heartbleed) at the price of being incompatible to HTTPS content inspection - as this expects pure TLS traffic.

However it is not our objective to be compatible to HTTPS content inspection because of two more reasons:

  • content inspection adds an unnecessary delay to the connection
  • content inspection violates our promise of privacy using deskMate

 

If you need to connect to our deskMate backend using a content inspecting HTTPS proxy server it is required to pass our traffic without content inspection. There is no way to transfer any file between client and server without the deskMate administrators permission so there is also no need for inspection.

0 Comments

Article is closed for comments.