DLP agent uses the Firefox general config file to manage the spdy protocol. If the spdy protocol is enabled SSL incidents may not be generated.
DLP 14.x
DLP 15.x
The DLP agent will create a ffm.js in the Mozilla\default\perf\ folder that specifies the Mozilla\ffm.cfg as the general config file.
This prevents the standard Mozilla.cfg from working as expected and overrides Firefox enterprise policies.
Disable the option for the DLP agent to handle the SPDY protocol and add manual management for it.
First change the DLP advanced agent config by following these steps:
Next we need to modify browser policies.
For Firefox add the SPDY lines into mozilla.cfg used to manage the enterprise policies:
lockPref("network.http.spdy.enabled", false);
lockPref("network.http.spdy.enabled.http2", false);
For internet explorer. If IE standard is <11, then create the GPO
Group policy for disabling SPDY:
[User|Computer] Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Allow Internet Explorer to use the SPDY/3 network protocol – Disabled
Chrome and Edge do not require any changes.