Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 5635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[7.504][solved]SSL Scanning

wingman
Hi All

I've placed the mozila network under the ssl and certificate exception and I am still unable to download addon/update the client.It seems that the exception is not applied.I've disabled and re enabled the http proxy,clearing cache,restarting ASG but still no luck.

the logs indicates that there is no exception applied

The SSL exception is applied to the whole Mozilla network (63.245.208.0/20)

2010:02:25-23:12:49 stuffman httpproxy[4097]: [0xa5b34e98] ssl_log_errors (ssl.c:41) C: 4097:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1057:SSL alert number 48
2010:02:25-23:12:49 stuffman httpproxy[4097]: [0xa5b34e98] ssl_log_errors (ssl.c:41) C: 4097:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:842:
2010:02:25-23:12:49 stuffman httpproxy[4097]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.*.*" user="***" statuscode="200" cached="0" profile="REF_gTJkfSrJvf (AD Users)" filteraction="REF_PAZIrYpGAv (AD Filter)" size="0" time="0 ms" request="0xa5b34e98" url="services.addons.mozilla.org/" exceptions="" error="" 
2010:02:25-23:12:53 stuffman httpproxy[4097]: [0xa5b11fc8] ssl_log_errors (ssl.c:41) C: 4097:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1057:SSL alert number 48
2010:02:25-23:12:53 stuffman httpproxy[4097]: [0xa5b11fc8] ssl_log_errors (ssl.c:41) C: 4097:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:842:


Thanks


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to wingman
    Well, if the browser is passing a FQDN to the proxy, and not an IP, then I would think you would need the FQDN in the exceptions, not the IP...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
  • 0 in reply to BrucekConvergent
    Well, if the browser is passing a FQDN to the proxy, and not an IP, then I would think you would need the FQDN in the exceptions, not the IP...



    dahh,,..That makes sense. I will have a go and post the results tomorrow. Thanks BrucekConvergent
  • 0 in reply to wingman
    I take it that worked fine judging by a post you made in another thread.  Happy to help.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    I take it that worked fine judging by a post you made in another thread.  Happy to help.


    well it make sense not to work if you need the FQDN.However, I am unable to add the whole mozilla network block (/20) as URL since when you try to update firefox you get multiple mirrors. I've added the mozilla.org exception and everything works fine though
    Thanks