How Pi-Hole Handles HTTPS / SSL

diginc · March 13, 2017, 10:24pm

Potential FAQ? One common question I saw surfacing in the recent hacker news post about pi-hole was about SSL so I made a quick flow chart for that.

Difference between Pi-Hole when ads use SSL:

If you copy any of this SVG link you can just take off the file extension and see the code used to make the diagram on code2flow.com. E.G. https://code2flow.com/ucyZk9.svg source code is at https://code2flow.com/ucyZk9

Fork/Edit away if you see any mistakes. I would suggest if we use code2flow on FAQs we download the images & upload them to discourse to avoid hammering their service / disappearing images if they disappear.

Mcat12 · March 14, 2017, 4:27pm

Also good to note, the ad https request should not timeout if the Pi-hole's port 443 rejects the connection instead of dropping it.

diginc · March 14, 2017, 5:03pm

There was some chatting about maybe adding a default firewall rule for that, but it'd have to account for if people have SSL they actually want to serve out or not.

Part of the timeout is browser side settings not giving up and or javascript fetching retries. It may not be entirely clear from the flow diagram, I was thinking of tweaking that wording a little bit. I'll play around with IPTables rejects tonight and see if it resolves the issue and maybe just map it out in an updated flow chart.

jacob.salmela · May 19, 2017, 1:47am

Moved this to FAQs. Thanks @diginc