cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

https-inspection doesn't let to open some sites

Good day! After I enabled https-inspection, I can't open some site. I'm from Belarus. I can't open for exmple this site :

Хостинг и регистрация доменных имен в Беларуси . It's a Belarussian hosting. Which types of sites isn't avaliable to open after launching of https-inspection?

0 Kudos
6 Replies

Re: https-inspection doesn't let to open some sites

Hi Mikhail,

Since HTTPS Inspection can not categorize some sites, you will have to manually define bypass rule.

Best regards,

Korkut

0 Kudos
Neville_Kuo
Copper

Re: https-inspection doesn't let to open some sites

Hi:

Are they ECDHE sites?

Reference:
Specific HTTPS sites that use ECDHE ciphers are not accessible when HTTPS Inspection is enabled
Solution ID sk110883

Some HTTPS sites do not load when HTTPS Inspection is enabled, if TLS 1.2 with ECDHE cipher is used
Solution ID sk112954

0 Kudos

Re: https-inspection doesn't let to open some sites

I see that for this site:

Chain issuesIncorrect order, Extra certs, Contains anchor

Can it be a reason that I can't open this site?

0 Kudos
Vladimir
Jade

Re: https-inspection doesn't let to open some sites

Looks like an SNI issue. Search this forum for another post regarding HTTPS and SNI.

0 Kudos

Re: https-inspection doesn't let to open some sites

I found out that a reason is sk120192. Certificate on this site has signature algorithm SHA256withDSA.

Unfortunately, I can't add this site in exception using Customer Category. I found only one way to set bypass for this site is ip-address in fieild "Destination".

0 Kudos
Highlighted

Re: https-inspection doesn't let to open some sites

Using the CP as a proxy alleviates the need to use IPs for bypasses. Please see further reading here: HTTPS inspection real life examples and caveats in R77.30 and R80.10