Where does TLS/SSL inspection occur, and how does it happen?

TLS inspection (often called SSL inspection because the term SSL remains widely, if incorrectly, in use) involves intercepting encrypted traffic between the client and server. TLS interception devices act as an on-path attack and decrypt traffic to scan and analyze it, often for malware or other signs of attacks, and then encrypt it to send it on to its destination. As you might expect, TLS inspection has both legitimate and malicious uses.