Results 1 to 4 of 4
  1. #1
    bt3
    bt3 is online now
    Newbie
    Join Date
    Aug 2016
    Posts
    4

    Default Server Connection Protocols and Google sites

    I've been using SSL Inspector for quite some time now because of 3 teens at home. I don't inspect everything, only certain sites. I have a rack set up with SSL inspection on and rules to route kids' devices to that policy. Usually works pretty well with minor adjustments from time to time.

    On the SSL Inspector Configuration tab I'm able to use TLS v1.2 and more recently v1.3 for Client Connection Protocols without any connection issues. However, if I enable TLS 1.2 or 1.3 for Server Connection Protocols Google, Youtube, and Bing sites become unreachable in Chrome and Edge browsers (ERR_CONNECTION_CLOSED). Unchecking these protocols allows them to be accessible again.

    My question is, in a home environment, is it necessary to enable Server Connection Protocols at all? What would be the downsides to not using them?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,201

    Default

    It's almost impossible to get SSL Inspector to work with Google services. They have built-in anti-MITM protections which block any SSL inspection.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    bt3
    bt3 is online now
    Newbie
    Join Date
    Aug 2016
    Posts
    4

    Default

    After further digging I found the sessions had been abandoned so it's probably not the TLS version at all. I seem to recall a forum post from a while back about a corrupted certificate on the untangle server causing abandoned sessions. The fix was to delete the certificates and let them be regenerated. I need to do some more digging. You're right though. I'm probably going to turn off SSL inspection. My kids are college age now and it's getting too hard to maintain.

  4. #4
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,130

    Default

    Quote Originally Posted by bt3 View Post
    My question is, in a home environment, is it necessary to enable Server Connection Protocols at all? What would be the downsides to not using them?
    I'm still interested in a more explicit answer to this question. For what it's worth.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2