Results 1 to 3 of 3
  1. #1
    Untangler
    Join Date
    Nov 2016
    Location
    Grafton, Australia
    Posts
    39

    Default SSL decrypt exception: Insufficient buffer remaining

    Hi, We are a school with some 200 students. Been running UT for 5 years, & SSL Inspector for 2 years - SSL Ins been a little buggy but works OK to allow us to monitor what the kids are searching on in YouTube & the common SE's. That's all we need, so we bypass (ignore) all other SSL traffic usually based on SNI Host name.

    Lately we've been seeing lots of "SSL decrypt exception: Insufficient buffer remaining" errors on various non Search-Engine sites that I thought should have been bypassed by our rules. (Inspect All SSL Traffic rule is unchecked). The certificate displayed on the partially painted page was the Untangle Cert.

    So my question is "Does UT need to do any decryption before it can work out the SNI host name, or in other words, would this SSL decrypt exception cause SSL inspector not to determine the SNI Host Name and thus not bypass the site for SSL inspection ? Would there be any use trying an Ignore rule based on Cert Subject instead ?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,678

    Default

    I would open a support ticket so we can monitor the resources during the event. I have not seen that before.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Nov 2016
    Location
    Grafton, Australia
    Posts
    39

    Default

    Thanks - I'll do that, but I'd better just first check that I didn't make an error in specifying the conditions in the Ignore rule.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2