All versions of ProxySG and Advanced Secure Gateway (ASG).
After upgrading to Chrome version 50, https://www.google.com and https://www.gmail.com are no longer accessible when SSL proxy is enabled on ProxySG. SSL Proxy is enabled on PorxySG by the following configurations:
Explicit Deployment - Protocol detection is enabled on the HTTP Explicit service or in policy.
Transparent Deployment - The HTTPS service type is SSL Proxy
Google released a new Elliptic Curve (EC) X25519 for the ECDHE cipher, which is used in Google Chrome version 50. As a result, since May 10, SSL connections to some Google servers (using this curve) fail, when Chrome doesn’t have the ALPN extension.
To work around this issue SSL Proxy must be disabled for https://www.google.com and https://www.gmail.com.
For explicit deployments add the following policy: <proxy> url.domain=google.com detect_protocol(no) url.domain=gmail.com detect_protocol(no)
For transparent deployments www.google.com, www.gmail.com and mail.google.com IPs will have to be added to the static bypass list or create TCP-Tunnel type services for these IP addresses specifically.
This issue has been addressed in release 184.108.40.206 available on the BTO as of June 7, 2016 and in release 220.127.116.11 available on the BTO as of June 17, 2016
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.