SSL decryption and Http redirection

Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL decryption and Http redirection

L3 Networker


I am testing SSL decryption and it seems to work fine  except when Http redirection is involved. E.g. when you try to connect to Https:// , google redirects you to and it gives me a certificate error because of the hostname in the cert does ( in this case)not match with the hostname that you are connecting to ( originally).  Is there some way of working around this ? I am using PANOS 4.0.4.





Today PAN Support confirmed me in a ticket : SSL decryption doesn't support SSLv3/TLSv1 fully : they clear original client HELLO packet to replace all values by their owns ones.

They even asked me to open a Feature Request... I hope it's the kind of ones they can implement "FAST" because I am relying a lot on Decryption which is a major feature that makes PAN ahead of others.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!