Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 28 subscribers
  • Views 1089 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG v18 does not use the Common Name of the website certificate.

core_memory

For example
openssl s_client -connect www.sophos.com:443 -servername www.sophos.com
In this case, No decryption.  It is normal.

openssl s_client -connect www.sophos.com:443
In this case, decryption.
I think it's because there is no SNI (Server Name Indication).

The Common Name of the certificate is www.sophos.ccom. "sophos.com" is included in the "Managed TLS exclusion list".
In this case, there should be No decryption. Is this wrong?

If the client does not send the SNI, I want XG to use the Common Name.

Is KB-000035867 invalid?
support.sophos.com/.../KB-000035867

I also want XG to output the Common Name in the log.



This thread was automatically locked due to age.
Parents
  • 0

    It depends on the Request.

    Web Exceptions (Web -> Exceptions) work based on the SNI. 

    If you request the Website based on the Domain Name, only DPI Exception based on Destination Host can work. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you for your reply.

    Is the content written in KB-000035867 the case of Web Exceptions?
    It says "Version: 16.01.0 onwards".
    KB-000035867 is use the Common Name, right?

    Adding the site to Web Exceptions did not change the result.

Reply Children