
The encryption used by the server hosting this URL is insecure.

What is that?

I have HTTPS decryption enabled on EP.

This is kind of new, because that site worked about 2 weeks ago.

The Website CA is issued by

Go Daddy Secure Certificate Authority - G2

Valid from January 14, 2022 to February 15, 2023
Serial Number: a31d468c634584ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: Go Daddy Secure Certificate Authority - G2



This thread was automatically locked due to age.
  • Hi LHerzog,

    I recommend opening a support case regarding this issue. When looking through currently opened cases, it looks like there is an open development investigation that is ongoing related to the behavior you're experiencing. I recommend referencing the following ID in your case as well.
    - WINEP-39587

    Kushal Lakhan
    Team Lead, Global Community Support
  • Thanks, will do.

    I found out that this is kind of strange, because each time I reload or open the URL in the browser, it always shows the Sophos block page in Firefox but three different error messages in MS Edge:

    Log from EP:

    C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs

    SophosNetFilter.log

    2022-03-23T09:06:36.996Z [ 8256: 8324] I [webengine] New connection 0x2bcf1f4df40
    2022-03-23T09:06:36.996Z [ 8256: 6688] I [clienthello] connection:0x2bcf1d99e60 sni:support.hiddenforprivacy.com flowId:4779 decision:decrypt
    2022-03-23T09:06:36.997Z [ 8256: 6688] I [check-ip] connection:0x2bcf1f4df40 ip:161.71.xxx.xxx flowId:4778 decision:continue
    2022-03-23T09:06:37.000Z [ 8256: 6688] I [clienthello] connection:0x2bcf1f4df40 sni:support.hiddenforprivacy.com flowId:4778 decision:decrypt
    2022-03-23T09:06:37.077Z [ 8256: 8324] E SSL_do_handshake returned SSL error= 1 reason=1000 error:00000001:lib(0):func(0):reason(1) SSL*=000002BCF1C7A320
    2022-03-23T09:06:37.080Z [ 8256: 8324] E Failed to set up SSL MITM encryption: Unrecoverable SSL error during handshake(): error:000003E8:lib(0):func(0):reason(1000)
    2022-03-23T09:06:37.086Z [ 8256: 8316] E Connection closed before handshake completed
    2022-03-23T09:06:37.089Z [ 8256: 8316] E Connection closed before handshake completed
    2022-03-23T09:06:37.091Z [ 8256: 8316] E Connection closed before handshake completed
    2022-03-23T09:06:37.093Z [ 8256: 8316] I [webengine] Closing connection 0x2bcf1d99e60 for 'support.hiddenforprivacy.com': request=1335b, response=103b, lifetime=98ms, firstResponse=83ms, businessLogicDelay=0ms, timeInCache=10ms, in=92ms, out=97ms, l.eos=98ms
    2022-03-23T09:06:37.125Z [ 8256: 8324] E SSL_do_handshake returned SSL error= 1 reason=1000 error:00000001:lib(0):func(0):reason(1) SSL*=000002BCF1C6FAB0
    2022-03-23T09:06:37.127Z [ 8256: 8324] E Failed to set up SSL MITM encryption: Unrecoverable SSL error during handshake(): error:000003E8:lib(0):func(0):reason(1000)
    2022-03-23T09:06:37.134Z [ 8256: 8316] E Connection closed before handshake completed
    2022-03-23T09:06:37.141Z [ 8256: 8316] I [webengine] Closing connection 0x2bcf1f4df40 for 'support.hiddenforprivacy.com': request=517b, response=103b, lifetime=145ms, firstResponse=129ms, businessLogicDelay=0ms, timeInCache=8ms, in=137ms, out=137ms

  • The issue was caused by XG SSL decryption in front of Intercept-X.

    The XG did not know the intermediate CA provided by the website.

    GoDaddy Secure Server Certificate (Intermediate Certificate) - G2

    973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832

    After adding the CA on XG, the error was gone with Intercept-X.
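
To find which hosts are affected by failures like the ones in the SophosNetFilter.log excerpt above, the log can be summarised per SNI. This is an added example, not part of the thread and not Sophos tooling; the line layout is inferred only from the excerpt, and because the error lines carry no connection id, attributing each failure to the connections open with `decision:decrypt` at that moment is an assumption.

```python
import re
from collections import Counter

# Lines abridged from the SophosNetFilter.log excerpt posted in this thread.
SAMPLE = """\
2022-03-23T09:06:36.996Z [ 8256: 6688] I [clienthello] connection:0x2bcf1d99e60 sni:support.hiddenforprivacy.com flowId:4779 decision:decrypt
2022-03-23T09:06:37.000Z [ 8256: 6688] I [clienthello] connection:0x2bcf1f4df40 sni:support.hiddenforprivacy.com flowId:4778 decision:decrypt
2022-03-23T09:06:37.080Z [ 8256: 8324] E Failed to set up SSL MITM encryption: Unrecoverable SSL error during handshake(): error:000003E8:lib(0):func(0):reason(1000)
2022-03-23T09:06:37.093Z [ 8256: 8316] I [webengine] Closing connection 0x2bcf1d99e60 for 'support.hiddenforprivacy.com': request=1335b, response=103b, lifetime=98ms
2022-03-23T09:06:37.127Z [ 8256: 8324] E Failed to set up SSL MITM encryption: Unrecoverable SSL error during handshake(): error:000003E8:lib(0):func(0):reason(1000)
2022-03-23T09:06:37.141Z [ 8256: 8316] I [webengine] Closing connection 0x2bcf1f4df40 for 'support.hiddenforprivacy.com': request=517b, response=103b, lifetime=145ms
"""

LINE = re.compile(r"^(\S+) \[\s*\d+:\s*\d+\] ([A-Z]) (.*)$")
HELLO = re.compile(r"\[clienthello\] connection:(0x[0-9a-f]+) sni:(\S+) .*decision:(\w+)")
CLOSE = re.compile(r"\[webengine\] Closing connection (0x[0-9a-f]+) for '([^']+)'")
MITM_FAIL = "Failed to set up SSL MITM encryption"

def failed_decrypt_hosts(log_text):
    """Count MITM handshake failures per SNI host.

    Failure lines have no connection id, so each one is attributed to the
    hosts of connections open with decision:decrypt at that time (assumption).
    """
    open_decrypt = {}      # connection id -> SNI
    failures = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue       # skip lines that do not follow the log layout
        _, level, msg = m.groups()
        if (h := HELLO.search(msg)):
            conn, sni, decision = h.groups()
            if decision == "decrypt":
                open_decrypt[conn] = sni
        elif (c := CLOSE.search(msg)):
            open_decrypt.pop(c.group(1), None)
        elif level == "E" and MITM_FAIL in msg:
            for host in set(open_decrypt.values()):
                failures[host] += 1
    return dict(failures)

if __name__ == "__main__":
    for host, n in failed_decrypt_hosts(SAMPLE).items():
        print(f"{host}: {n} failed decrypt handshake(s)")
```

A host that shows up here repeatedly is a candidate for the check described in the last post: whether a decrypting device in the path trusts the intermediate CA the site presents.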