Overview
Umbrella relies on the TLS SNI extension to discover the destination domain and to determine whether the HTTPS request should be decrypted or should bypass decryption (by matching Selective Decryption Lists). The client must therefore comply with the TLS standards defined in the relevant RFCs. Most well-known browsers are compliant and are therefore supported by Umbrella.
Question
1. Is the SWG Proxy able to process non-standard HTTPS web requests?
Answer: The HTTPS request will fail if the basic TLS handshake is not followed, for example if the Client / Server Hello exchange is missing.
2. Does disabling HTTPS Inspection or adding the domain in question to a Selective Decryption List help?
Answer: No, it would not help.
Solution
The non-standard HTTPS site in question will need to bypass the SWG Proxy completely.
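To confirm whether a client falls into the non-standard case described above, the first bytes it sends on the connection can be checked for a TLS ClientHello that carries an SNI hostname. The following is an added example, not Cisco's code: the function names and status labels are hypothetical, the sample ClientHello is constructed, and it assumes the whole ClientHello arrives in a single TLS record.

```python
import struct

def extract_sni(data: bytes):
    """Classify the first bytes a client sends; return (status, hostname)."""
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length
    if len(data) < 5 or data[0] != 0x16 or data[1] != 0x03:
        return ("not-tls-handshake", None)
    body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:          # handshake type 1 = ClientHello
        return ("no-client-hello", None)
    try:
        pos = 4 + 2 + 32                          # handshake header, version, random
        pos += 1 + body[pos]                      # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                      # compression_methods
        if pos >= len(body):                      # no extensions block at all
            return ("client-hello-without-sni", None)
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == 0:                     # server_name extension
                # layout: list length (2), name type (1), name length (2), name
                n = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                return ("ok", body[pos + 5:pos + 5 + n].decode("ascii"))
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return ("malformed-client-hello", None)
    return ("client-hello-without-sni", None)

def build_client_hello(hostname=None):
    """Constructed minimal ClientHello used as sample input (not a capture)."""
    exts = b""
    if hostname:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        exts = struct.pack("!HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00"     # version, random, empty session_id
             + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
             + b"\x01\x00"                         # null compression only
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for first_bytes in (build_client_hello("example.com"), build_client_hello(),
                        b"GET / HTTP/1.1\r\n"):
        print(extract_sni(first_bytes))
```

Any status other than `ok` means the SNI hostname the Overview describes is not available from that client's opening bytes.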