browse
Overview
Umbrella relies on the TLS SNI extension to discover the destination domain and determine if an HTTPS request needs to be decrypted or bypassed from decryption (match Selective Decryption Lists). Therefore, it's crucial for the client to comply with TLS standards as defined in relevant RFCs - most well-known browsers are compliant & therefore supported by Umbrella.
Question
1. Is SWG Proxy able to process non-standard HTTPS web requests?
Answer: No. The HTTPS request will fail if a basic TLS handshake is not carried out (for example if the Client / Server Hello exchange is missing).
2. Would disabling HTTPs Inspection or adding the domain in question to Selective Decryption List help?
Answer: No, this would not help.
Solution
The non-standard HTTPS site in question will need to bypass the SWG Proxy completely.
Comments
0 comments
Article is closed for comments.