Participant

https-inspection doesn't allow some sites to open

Good day! After I enabled https-inspection, I can't open some sites. I'm from Belarus. For example, I can't open this site:

Hosting and domain name registration in Belarus. It's a Belarusian hosting provider. Which types of sites aren't available after enabling https-inspection?

6 Replies
Explorer

Hi Mikhail,

Since HTTPS Inspection cannot categorize some sites, you will have to manually define a bypass rule.

Best regards,

Korkut

Advisor

Hi:

Are they ECDHE sites?

Reference:
Specific HTTPS sites that use ECDHE ciphers are not accessible when HTTPS Inspection is enabled
Solution ID sk110883

Some HTTPS sites do not load when HTTPS Inspection is enabled, if TLS 1.2 with ECDHE cipher is used
Solution ID sk112954

Participant

I see that for this site:

Chain issues: Incorrect order, Extra certs, Contains anchor

Can it be the reason that I can't open this site?

Champion

Looks like an SNI issue. Search this forum for another post regarding HTTPS and SNI.

Participant

I found out that the reason is sk120192. The certificate on this site has the signature algorithm SHA256withDSA.

Unfortunately, I can't add this site as an exception using Customer Category. The only way I found to set a bypass for this site is an IP address in the "Destination" field.

Collaborator

Using the CP as a proxy alleviates the need to use IPs for bypasses. Please see further reading here: HTTPS inspection real life examples and caveats in R77.30 and R80.10