Youtube.com not downgraded to tls1.2

Hello,

I face a problem with FTD version 6.4.0.

I have previously disabled TLS 1.3 and http2 due to some sites not working.

Recently I tried to block youtube from a category of users, but it was not possible.

I put an access policy rule to block it.

In SSL policy it hits the default rule and it does not decrypt the page in order to block it.

In the events, it shows as blocked, but the page loads normally.

In the CLI when I input the command:

system support ssl-client-hello-display

I get the following:

extensions_remove 43,16,13172
tls13_downgrade=false

I tried to change tls13_downgrade to true but nothing changed.

Do you know what else I should check?

Thanks and Regards,

Konstantinos
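As an added illustration, not code from this thread or from Cisco, of what the `extensions_remove 43,16,13172` line refers to: 43, 16 and 13172 are the IANA TLS extension types supported_versions, ALPN and NPN. The script builds a constructed (not captured) ClientHello with the RFC 8446 byte layout, strips those three extensions the way a downgrade setting has to, and shows that the remaining hello can only negotiate TLS 1.2 from its legacy_version field, so the handshake becomes inspectable; it models the mechanism and is not a description of the FTD implementation.

```python
import struct
# IANA TLS extension types behind the FTD line "extensions_remove 43,16,13172"
SUPPORTED_VERSIONS, ALPN, NPN = 43, 16, 13172   # TLS 1.3 versions, HTTP/2 ALPN, legacy NPN

def build_client_hello(extensions):
    """Constructed minimal ClientHello record (not a capture); extensions = [(type, body), ...]."""
    ext_body = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in extensions)
    # legacy_version 1.2, zero random, no session id, one cipher suite, null compression
    fields = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body = fields + struct.pack("!H", len(ext_body)) + ext_body
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return (offset of the extensions length field, [(type, body), ...])."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                        # session id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher suites
    pos += 1 + record[pos]                        # compression methods
    ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
    exts, p = [], pos + 2
    while p < pos + 2 + ext_len:
        t, n = struct.unpack("!HH", record[p:p + 4])
        exts.append((t, record[p + 4:p + 4 + n]))
        p += 4 + n
    return pos, exts

def strip_extensions(record, remove):
    """Re-encode the ClientHello without the listed types, recomputing every length field."""
    pos, exts = parse_client_hello(record)
    ext_body = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in exts if t not in remove)
    body = record[9:pos] + struct.pack("!H", len(ext_body)) + ext_body
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return record[:3] + struct.pack("!H", len(handshake)) + handshake

def negotiable_version(record):
    """Highest version a server may pick: max of supported_versions if offered, else legacy_version."""
    for t, body in parse_client_hello(record)[1]:
        if t == SUPPORTED_VERSIONS:               # body: 1-byte list length, then 2-byte versions
            return max(struct.unpack("!H", body[i:i + 2])[0] for i in range(1, 1 + body[0], 2))
    return struct.unpack("!H", record[9:11])[0]

# Constructed sample: SNI for youtube, offers TLS 1.3 and 1.2, ALPN h2 then http/1.1
HELLO = build_client_hello([(0, b"\x00\x12\x00\x00\x0fwww.youtube.com"),
                            (SUPPORTED_VERSIONS, b"\x04\x03\x04\x03\x03"),
                            (ALPN, b"\x00\x0c\x02h2\x08http/1.1")])
DOWNGRADED = strip_extensions(HELLO, {SUPPORTED_VERSIONS, ALPN, NPN})
```

The SNI extension survives the strip, which is what lets a non-decrypting device still categorise the flow as YouTube while the version offered drops to TLS 1.2.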

6 Replies

Marvin Rhoads
Hall of Fame

Did you confirm it's using https over tcp/443 and not QUIC over udp/443?

Hello Marvin,

Thank you for your reply!
Well, I have not checked that one.

I found this article on how to locate if you are using QUIC.

https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-reporting-implications/

I will check and if it is used how will I disable it?

Regards,
Konstantinos

If you block the outbound udp/443 traffic then the flow should revert to https over tcp/443.

Ok Marvin

I will check and let you know of the outcome!!

Thanks
Konstantinos

Hello,

I checked and the protocol used is https.
This is the output of the Events in FMC:

Destination Port / ICMP Code: 443 (https) / tcp
SSL Status: Do Not Decrypt(Uncached Session)
SSL Flow Error: SESSION_UNKNOWN(0xb9000575)
SSL Actual Action: Do Not Decrypt
SSL Expected Action: Unknown
SSL Certificate Status: Not Checked
SSL Version: TLSv1.3
SSL Cipher Suite: Unknown
SSL Rule: Default Rule
Application Protocol: HTTPS
Client: SSL client
Web Application: YouTube
Application Risk: High
Business Relevance: Very Low
URL: https://www.youtube.com

The TLS used is 1.3 but it should be 1.2.

Any idea what might be wrong?

Regards, 

Konstantinos

Hello,

The problem was in the SSL policy.
We reconfigured an SSL rule and it worked.

Thanks and regards,
Konstantinos