All versions of ProxySG and Advanced Secure Gateway (ASG).
After upgrading to Chrome version 50, https://www.google.com and https://www.gmail.com are no longer accessible when SSL proxy is enabled on ProxySG. SSL Proxy is enabled on PorxySG by the following configurations:
Explicit Deployment - Protocol detection is enabled on the HTTP Explicit service or in policy.
Transparent Deployment - The HTTPS service type is SSL Proxy
Google released a new Elliptic Curve (EC) X25519 for the ECDHE cipher, which is used in Google Chrome version 50. As a result, since May 10, SSL connections to some Google servers (using this curve) fail, when Chrome doesn’t have the ALPN extension.
To work around this issue SSL Proxy must be disabled for https://www.google.com and https://www.gmail.com.
For explicit deployments add the following policy: <proxy> url.domain=google.com detect_protocol(no) url.domain=gmail.com detect_protocol(no)
For transparent deployments www.google.com, www.gmail.com and mail.google.com IPs will have to be added to the static bypass list or create TCP-Tunnel type services for these IP addresses specifically.
This issue has been addressed in release 22.214.171.124 available on the BTO as of June 7, 2016 and in release 126.96.36.199 available on the BTO as of June 17, 2016
Imported Document ID: 000031241
Subscribing will provide email updates when this Article is updated. Login is required.