  1. #21
    Newbie
    Join Date
    Nov 2020
    Posts
    6

    4

  2. #22
    Newbie
    Join Date
    Nov 2020
    Posts
    6

    5 Can I safely delete these now without breaking the images below?
    Last edited by jeffreyw; 11-02-2020 at 04:19 PM.

  3. #23
    Newbie
    Join Date
    Nov 2020
    Posts
    6

    Untangle version: 16.0.1
    Model: u500

    I tried and failed to load these pages in order in Chrome (they are not exempted from SSL inspection for this test). They fail in Firefox and IE with the same error in the Untangle log but different errors in the browser.

    1) https://www.grazehtx.com/ home page
    2) https://www.thoughtco.com/ home page
    3) https://app.screencastify.com/extension-auth/handover (exporting .mp4)

    graze failed to load.JPG

    SSL Inspector Abandoned Sessions
    tag mismatch.JPG

    The error in Firefox:

    Secure Connection Failed

    An error occurred during a connection to www.thoughtco.com.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.


    The error in IE 11

    This page can’t be displayed

    •Make sure the web address https://www.thoughtco.com is correct.
    •Look for the page with your search engine.
    •Refresh the page in a few minutes.

  4. #24
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Thank you for the super helpful information, jeffreyw. I did a test of your first example by examining that site's certificate and creating a rule specific to that site (remembering that I will not enable the inspect all rule):

    SSLI_Test.png

    Since the Mac I'm sitting at is too old to update to the most recent version of Safari, I opted to use Firefox (which makes sense anyway for comparing results). After setting up the SSL Inspector rule above I cleared Firefox history, closed Firefox, logged out of my Mac account, logged back in, and used the site link you provided. This is the result:

    Firefox.png

    I'd like to understand all this better. What am I missing?

    EDIT: Argh, I'm sorry. I meant to mention that I'm behind NGFW 15.1.2.
    Last edited by Sam Graf; 11-02-2020 at 07:01 PM.

  5. #25
    Newbie
    Join Date
    Aug 2020
    Posts
    5

    Hi,

    We are also experiencing the exact same behaviour on a lot of sites. Digging into the logs, we are seeing a lot of instances of "Server SSL decrypt exception: Tag mismatch!" and "Client SSL decrypt exception: Unrecognized record version (D)TLS-0.0 , plaintext connection? CERT: <redacted>". Has this been raised as a bug at Untangle? I don't believe this could be a coincidence that is affecting many users and sites.

    Any feedback / updates would be appreciated as this is a service affecting issue.

    Many Thanks
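
The second log message quoted in the post above names the version field of the TLS record header. As an added example (not part of the thread and not Untangle's code), this sketch reads the 5-byte header from constructed byte strings and flags the values a TLS endpoint would reject; the sample bytes and function names are assumptions made for illustration.

```python
import struct

# TLS record header: content type (1) | major (1) | minor (1) | length (2)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Record-layer versions seen on the wire. TLS 1.3 records still carry 3.3
# (3.1 is allowed on the first ClientHello); the real protocol version is
# negotiated inside the handshake, not in this field.
RECORD_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                   (3, 2): "TLS 1.1", (3, 3): "TLS 1.2/1.3"}
MAX_CIPHERTEXT = 2**14 + 2048  # largest record length any TLS version allows

def parse_record_header(data: bytes) -> dict:
    """Decode the first 5 bytes of a stream as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    problems = []
    if ctype not in CONTENT_TYPES:
        problems.append(f"unknown content type {ctype}")
    if (major, minor) not in RECORD_VERSIONS:
        problems.append(f"unrecognized record version {major}.{minor}")
    if length > MAX_CIPHERTEXT:
        problems.append(f"length {length} exceeds maximum record size")
    return {"type": CONTENT_TYPES.get(ctype, "unknown"),
            "version": f"{major}.{minor}",
            "length": length,
            "problems": problems}

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "client_hello": bytes.fromhex("1603010200"),      # handshake, 3.1
    "tls13_app_data": bytes.fromhex("1703030045"),    # app data, 3.3
    "zero_version": bytes.fromhex("1700009c41"),      # version bytes 0.0
    "plaintext_http": b"GET / HTTP/1.1\r\n",          # not TLS at all
}

def classify_samples() -> dict:
    """Return the list of problems found for each constructed sample."""
    return {name: parse_record_header(raw)["problems"]
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, problems in classify_samples().items():
        print(f"{name:15} {'ok' if not problems else '; '.join(problems)}")
```

A header with version 0.0 means the bytes being read at that point are not the start of a well-formed TLS record; the header alone does not say why.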

  6. #26
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    46

    Try disabling these options in SSL Inspector. TLSv1.3 was added in 16.0 and, from what I can tell, some websites don't like that protocol level. Amazon, for instance, was having an issue loading after 16, but I disabled this in SSL Inspector and it began working again.

    Thanks to joshco_untangle for making me take a closer look this morning.

    tls.png

  7. #27
    Newbie
    Join Date
    Jul 2018
    Posts
    10

    Quote Originally Posted by sheck View Post
    Try disabling these options in SSL Inspector. TLSv1.3 was added in 16.0 and, from what I can tell, some websites don't like that protocol level. Amazon, for instance, was having an issue loading after 16, but I disabled this in SSL Inspector and it began working again.

    Thanks to joshco_untangle for making me take a closer look this morning.

    tls.png

    Sorry for the late reply, but this seems thus far to be the issue with me. I haven't tried to split between client and server but both off seems to have resolved my issues.

    As for turning off SSL inspection, I prefer to be the Guinea pig in the house so I can keep a better eye on the kiddos. But when the pig doesn't work, he needs to squeal every now and then. Wishing we could get a better log on this to root cause it faster.

    Thanks.

  8. #28
    Newbie
    Join Date
    Feb 2014
    Posts
    3

    Quote Originally Posted by sheck View Post
    Try disabling these options in SSL Inspector. TLSv1.3 was added in 16.0 and, from what I can tell, some websites don't like that protocol level. Amazon, for instance, was having an issue loading after 16, but I disabled this in SSL Inspector and it began working again.

    Thanks to joshco_untangle for making me take a closer look this morning.

    tls.png

    Just unchecking the server option corrected this issue for me. I'm curious what the actual issue is. If sites are using TLS1.3 can we not decrypt the payload with this option unchecked?

  9. #29
    Newbie
    Join Date
    Apr 2019
    Posts
    11

    Quote Originally Posted by ghensley View Post
    Just unchecking the server option corrected this issue for me. I'm curious what the actual issue is. If sites are using TLS1.3 can we not decrypt the payload with this option unchecked?

    +1 Curious to know what the actual issue is as well.

    Unchecking TLS 1.3 server option also worked for me (same issue).... anyone know what the impact of this 'uncheck' is?

  10. #30
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    46

    Quote Originally Posted by davee View Post
    +1 Curious to know what the actual issue is as well.

    Unchecking TLS 1.3 server option also worked for me (same issue).... anyone know what the impact of this 'uncheck' is?

    We didn't have 1.3 until this version, so essentially it's just like being on 15.x for SSL Inspector. We currently have a fix in place for TLSv1.3 and should be out with 16.2 when that releases. Sorry, no exact release date yet.
