10-15-2018 05:59 AM - edited 10-15-2018 07:03 AM
Hi Everyone,
I am running a test on a WSA and I am unable to make HTTPS proxy to work at the moment, I can see in wireshark from a packet capture on the wire that the WSA is actively closing the TCP session and I receive an error message that is not generated by the WSA but rather than the windows client browser, HTTP instead works fine.
I indeed tried with several flavor of certificates, in order :
I installed all those certificates into the user and computer workstation's
I tried disabling/enabling all TLS and SSL versions and I tried modifying the chipers on the WSA appliance
Let me show you here below
WSA ip : 192.168.2.162
Workstation ip : 10.1.128.2
HTTPS TCP session reset actively from the WSA
On the browser:
Additionally I am also seeing these logs on the appliance from https_logs:
Mon Oct 15 14:02:32 2018 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake Mon Oct 15 14:02:32 2018 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request Mon Oct 15 14:02:32 2018 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155
Solved! Go to Solution.
10-15-2018 04:09 PM
In the end it was simply a misunderstanding on my end:
I used the HTTPS proxy configured port also in the windows and browser client settings for HTTPS proxy traffic, instead the proxy port for HTTPS has to be the same as HTTP traffic.
10-15-2018 11:42 AM
Look at the requirements :
10-15-2018 01:08 PM - edited 10-15-2018 01:14 PM
10-15-2018 01:13 PM
10-15-2018 01:34 PM
Thanks but this is one of the reference I watched already but with no benefit, what I can see is that the TLS/SSL session is no even established between the WSA and the client and I tried with several browsers and several clients.
the paket capture I ran shows actually that the session is initiated by the client and immediately reset by the WSA producing the logs I showed
10-15-2018 04:09 PM
In the end it was simply a misunderstanding on my end:
I used the HTTPS proxy configured port also in the windows and browser client settings for HTTPS proxy traffic, instead the proxy port for HTTPS has to be the same as HTTP traffic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide