cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
637
Views
0
Helpful
2
Replies
Highlighted

SSL issues involving redirection and/or remote SSL gateways

Hello,

Following the activation of HTTPS filtering yesterday, various users started to experience issues when accessing certain web sites. The cause is very unclear. We are running ASyncOS 7.0.0-819 on a pair of S360.

The main symptom (in three reported issues) is that users are not redirected correctly to the web site's main page after logging in through their portal. This is the case for three totally different web sites. Both sites seem to involve some kind of HTTP redirection after the login page. We have no control over these web sites and it's very difficult to diagnose the problem any further.

The temporary solution is to add bypass exceptions. However even the exact address to add causes confusion, especially when dealing with non technical people.

Are there any known SSL issues that involve redirection, remote SSL/auth gateways etc.? and how can this be resolved or investigated further?

Attach: the unexpected result of logging in to https://www.interaction.bell.ca/, which used to work until SSL filtering was activated.

Thank you.

2 REPLIES 2
Highlighted
Engager

Re: SSL issues involving redirection and/or remote SSL gateways

There's a bug in the WSA code where it won't step back the SSL from TLS to SSLV3 when the website requests it. (Bug #71012).

We had some issues because we had a couple of users still on WinXP and the cert we issued from our new cert server used a hash method not supported by XP.

We solved most of these by looking at the reputation of the site, and only doing the SSL decrypt if the reputation was below a certain threshold.

Ken

Highlighted

Re: SSL issues involving redirection and/or remote SSL gateways

Hi,

How do I know if the symptoms are caused by this particular bug?

Thanks.