06-23-2022 07:26 AM
Hi,
how to add following decryption error (ssl-forward-proxy) to exceptions?
- logs->decryption: dest address: ac88393aca5853df7.awsglobalaccelerator.com (shodan solves this ip /13.248.212.111/ also to service.signal.org; SNI - no value; SCN: chat.signal.org; error: General TLS protocol error
- logs->traffic: destination like above; decrypted: no; app: ssl; session end reason: decrypt-cert-validation; action: allow; type: end
What I have done:
- device->cert management->SSL decrypt exclusion: chat.signal.org and *.signal.org -> exclude from decryption
Other (almost all) exceptions work fine, but only this cert has no value for SNI (Server Name Indication).
07-07-2022 05:41 AM
Hi @JarerkZajac ,
You can create Decryption rule, matching by destination address and using FQDN object with action set to "no decrypt"
07-07-2022 05:41 AM
Hi @JarerkZajac ,
You can create Decryption rule, matching by destination address and using FQDN object with action set to "no decrypt"
01-19-2023 02:16 AM
Hi Astardzhiev,
thank you for answer and apologise for late reply. I solved this problem by adding FQDN to URL custom category and using it in decryption rule as no decrypt url category.
Chat.signal works fine, but lately another: signal messenger started the same -> no SNI, no SCN (subject common name), at the same IP/FQDN address. So I added new decrypt rule and added this address.
Thank you again for reply and solution.
Best
Jarek
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
