SSL decryption (Some traffic is not decrypted)


Cyber Elite

@Jafar_Hussain,

Right off the bat I would look at if you are allowing QUIC traffic when you are utilizing Chrome. 

L4 Transporter

@BPry  I am not getting your point.

@vsys_remo I can see in the traffic log that when I open the Chrome browser, no decryption is shown; however, when I open it in Mozilla, the traffic log shows it as decrypted.

Cyber Elite

@Jafar_Hussain,

Chrome will default to using the QUIC protocol, which to @vsys_remo's point will come across on udp/443. Best practices would have you disallowing QUIC connections so that traffic is forced to fall back to standard SSL/TLS connections over tcp/443. Then your decryption will actually work.

L4 Transporter

@BPry @vsys_remo

Thanks for your reply.

I will check tomorrow and let you know.

L4 Transporter

@BPry @vsys_remo 

 

Thanks for your help and support.

 

Below is the task I have performed:

I disabled the QUIC protocol in the Chrome browser, and then it worked as expected.

Problem:

But I have a large network in my environment, so I am not going to go through and disable the QUIC protocol on every system.

Solution: I went through the document below and denied the traffic of the QUIC application. Now it is working as expected.

  

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC
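
The check discussed in this thread (udp/443 sessions that are allowed and never decrypted, versus tcp/443 sessions that show as decrypted) can be run over an exported traffic log. This is an added example, not part of the original posts and not Palo Alto Networks code; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions for this
# example, not the firewall's actual export schema.
SAMPLE_LOG = """\
src,dst,proto,dport,app,action,decrypted
10.1.1.10,203.0.113.5,udp,443,quic,allow,no
10.1.1.10,203.0.113.5,tcp,443,ssl,allow,yes
10.1.1.11,203.0.113.9,udp,443,quic,deny,no
10.1.1.11,203.0.113.9,tcp,443,web-browsing,allow,yes
10.1.1.12,198.51.100.7,tcp,443,ssl,allow,no
10.1.1.12,192.0.2.53,udp,53,dns,allow,no
"""


def audit(log_text):
    """Group port-443 sessions by whether they bypassed decryption and why."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dport"] != "443":
            continue  # only port 443 matters for this check
        key = (row["src"], row["dst"])
        allowed = row["action"] == "allow"
        if row["proto"] == "udp":
            # QUIC rides on udp/443; while it is allowed, the browser
            # never falls back to TLS over tcp/443.
            findings["quic_allowed" if allowed else "quic_blocked"].append(key)
        elif row["proto"] == "tcp" and allowed:
            # tcp/443 that is allowed but not decrypted points at the
            # decryption policy rather than at QUIC.
            bucket = "decrypted" if row["decrypted"] == "yes" else "tcp_not_decrypted"
            findings[bucket].append(key)
    return dict(findings)


if __name__ == "__main__":
    for category, sessions in audit(SAMPLE_LOG).items():
        print(category, sessions)
```

Hosts listed under `quic_allowed` are the ones still bypassing decryption over UDP; `tcp_not_decrypted` entries need a look at which decryption rule, if any, they match.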

 

L4 Transporter

@BPry @vsys_remo 

 

Hello,

Now the problem is that Chrome is accepting the certificate, but I am not able to open some websites in the Chrome browser.

Ex: I have applied decryption only for YouTube and Netflix. When I open Netflix it is working fine. Below is the screenshot for Netflix:

Jafar_Hussain_0-1581521919783.png

But when I open YouTube in Chrome, I get the error. Below is the screenshot.

Jafar_Hussain_1-1581522020611.png

I have changed certificates already with SHA 512 value but the issue still persists.

Could you please help me with this?

 

L4 Transporter

@BPry @vsys_remo  

Could you please update on this?

Cyber Elite

@Jafar_Hussain 

Neither @BPry nor me @BPry are working for Palo Alto Networks. We use our free time to try to help here in the community. So if you cannot wait more than 3 hours (as you asked again for an update here 3 hours after your post with the cert warnings) you should contact official Palo Alto support.

 

Anyway, which certificate did you change to SHA512? Was it really the CA cert used for decryption? What key size did you configure for the dynamically created certificates? Could you show a screenshot of the cert?

L4 Transporter

@vsys_remo 

Sorry for this.

 

I have configured a new CA certificate with key size 2048 and SHA 512.

 

 

Cyber Elite

@Jafar_Hussain 

And you did configure this new CA cert as "Forward Trust Certificate"?
