Blanket SSL blocking won't work -- employees often *need* to use SSL to do their job (i.e. Finance needs to connect to the bank websites, employees need to use SSL protected logins at other sites - most any site that allows logins will require SSL).
(Disclaimer: I run a business that provides web filtering systems for schools)
In fact, SSL is becoming quite common place on a lot of sites where you'd traditionally not consider security to be a big deal. For example, Google does searches over https(*). For a long time we resisted intercepting HTTPS streams, instead choosing to only whitelist certain sites. However, over the last few years, the number of sites using HTTPS has massively increased, and it's simply not feasible to allow them all through without any kind of automated content inspection. So these days, our filtering systems do perform a MITM attack on all HTTPS sites that aren't whitelisted - as far as we're concerned, there's no other way to reliably filter web traffic now.
I should take this opportunity to point out that I'm specifically talking about schools, where there is a need for some amount of filtering. I'm of the opinion that performing any kind of web filtering in a normal workplace is counter productive: you'll end up blocking stuff your employees need to access in order to do their jobs, you'll end up pissing your employees off and at the end of the day, if your employees aren't responsible adults, why the hell are you employing them?
(* Google HTTPS searches can be disabled on a network-wide basis; although it could be argued that MITMing these connections at the proxy is better than disabling encryption entirely since the MITM method only introduces one weak point instead of weakening the entire path).