After looking at what GoGo is doing, it seems that all they really want to do is just block YouTube. The problem is telling the user what they're doing, so they don't bitch at the flight attendants. Technically, they should send back an ICMP Type 3 message, "Destination Unreachable" with code 10 (Communication with Destination Host Administratively Prohibited) or code 13 (Communication Administratively Prohibited by Filtering). But that info won't make it up to the browser in either Windows or Linux. About the best you can get through to the client program is a "Host Unreachable" error code.
So, in the style of most web intermediates, they're trying to do this at the HTTP level. Which doesn't work well for HTTPS requests. One of the annoying features of HTTPS is that there's no standard way for a site to say "I don't speak HTTPS". I run a crawler, and responses to HTTPS requests include timing out, sending non-HTTPS data confusing the SSL/TLS layer, and refusing to open a TCP connection.
About the most legit thing they might do is open an HTTPS connection using a cert signed for a domain name such as "YOUTUBE-IS-BLOCKED-BECAUSE-YOU-ARE-ON-AN-AIRPLANE.NET". The HTTPS open will fail due to domain mismatch, and the browser popup will have some useful info. If the user actually lets the connection open, they can be given a page on why satellite links don't have enough bandwidth to let everyone on a plane watch cat videos.
So, in the style of most web intermediates, they're trying to do this at the HTTP level. Which doesn't work well for HTTPS requests. One of the annoying features of HTTPS is that there's no standard way for a site to say "I don't speak HTTPS". I run a crawler, and responses to HTTPS requests include timing out, sending non-HTTPS data confusing the SSL/TLS layer, and refusing to open a TCP connection.
About the most legit thing they might do is open an HTTPS connection using a cert signed for a domain name such as "YOUTUBE-IS-BLOCKED-BECAUSE-YOU-ARE-ON-AN-AIRPLANE.NET". The HTTPS open will fail due to domain mismatch, and the browser popup will have some useful info. If the user actually lets the connection open, they can be given a page on why satellite links don't have enough bandwidth to let everyone on a plane watch cat videos.