I've found $employer doing similar things, but rather than than not allowing TLS they MITM it. Fortunately it's easy to detect since my computer doesn't trust the in-house CA.