> I should absolutely be able to intercept TLS traffic on my computers on my network.
Just ask the users of your network to install your CA cert (or click past your cert warnings). That should work with TLS 1.3 right?
Or in your statement are you really meaning, "I should absolutely be able to intercept TLS traffic on my computers on my network without them knowing about it"? If so, that's a completely different thing altogether and if that's what you and the GCHQ mean when talking about proxying, it needs to be explicitly stated. There is a huge difference.
Just ask the users of your network to install your CA cert (or click past your cert warnings). That should work with TLS 1.3 right?
Or in your statement are you really meaning, "I should absolutely be able to intercept TLS traffic on my computers on my network without them knowing about it"? If so, that's a completely different thing altogether and if that's what you and the GCHQ mean when talking about proxying, it needs to be explicitly stated. There is a huge difference.