This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
SSL decryption and Http redirection
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- SSL decryption and Http redirection
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
SSL decryption and Http redirection
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-26-2011 07:26 AM
Hi,
I am testing SSL decryption and it seems to work fine except when Http redirection is involved. E.g. when you try to connect to Https://gmail.com , google redirects you to https://www.google.com and it gives me a certificate error because of the hostname in the cert does (www.google.com in this case)not match with the hostname that you are connecting to (gmail.com originally). Is there some way of working around this ? I am using PANOS 4.0.4.
Regards,
Sunil
10 REPLIES 10
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-30-2012 12:08 AM
Hello,
Today PAN Support confirmed me in a ticket : SSL decryption doesn't support SSLv3/TLSv1 fully : they clear original client HELLO packet to replace all values by their owns ones.
They even asked me to open a Feature Request... I hope it's the kind of ones they can implement "FAST" because I am relying a lot on Decryption which is a major feature that makes PAN ahead of others.
Related Content
- Query regarding counters and debug data-plane pow performance output in General Topics
- Are logs lost when log discarded (queue full) increases? in General Topics
- How to get the full CA Issuer URL when it is truncated in the decryption log in General Topics
- Unable to block ".iso" & ".txt" file download with File Blocking Profile in General Topics
- URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions (panos-cve-2020- 2035) in Threat & Vulnerability Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks