04-19-2011 08:27 AM
Hello,
Following the activation of HTTPS filtering yesterday, various users started to experience issues when accessing certain web sites. The cause is very unclear. We are running ASyncOS 7.0.0-819 on a pair of S360.
The main symptom (in three reported issues) is that users are not redirected correctly to the web site's main page after logging in through their portal. This is the case for three totally different web sites. Both sites seem to involve some kind of HTTP redirection after the login page. We have no control over these web sites and it's very difficult to diagnose the problem any further.
The temporary solution is to add bypass exceptions. However even the exact address to add causes confusion, especially when dealing with non technical people.
Are there any known SSL issues that involve redirection, remote SSL/auth gateways etc.? and how can this be resolved or investigated further?
Attach: the unexpected result of logging in to https://www.interaction.bell.ca/, which used to work until SSL filtering was activated.
Thank you.
04-19-2011 08:38 AM
There's a bug in the WSA code where it won't step back the SSL from TLS to SSLV3 when the website requests it. (Bug #71012).
We had some issues because we had a couple of users still on WinXP and the cert we issued from our new cert server used a hash method not supported by XP.
We solved most of these by looking at the reputation of the site, and only doing the SSL decrypt if the reputation was below a certain threshold.
Ken
04-19-2011 12:04 PM
Hi,
How do I know if the symptoms are caused by this particular bug?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide