Using the new DPI SSL/TSL, Linkedin does not open with Firefox on Mac

Linkedin does not open at all.

Parents Reply
  • Hi Toni,

    in theory you are correct, but the current DPI does not seem to follow the rules.

    Please tell me what I am doing wrong with my DPI configuration.

    In the screenshot below ignore the middle line.

    I removed all the CAs from FF and shutdown the MBP while shopping for an hour or so, restarted the MBP and used FF to connect to Luk's failing website - www.amazon.it.

    Ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
Children
  • I guess there is an error in my statement.

    If you configure a Decrypt rule, DPI will decrypt, no matter what. If you are not import any CA, the Client will fail. 

    Your Rule 3 seems to give the DPI engine the order to decrypt this traffic (Source, Destination hit?). 

    If you have a Rule with "Do not decrypt" but block certain cipher, DPI will not decrypt but block. 

     

    __________________________________________________________________________________________________________________

  • Hi Toni,

    an interesting comment. Only one device is passed by the SSL/TLS rule all the rest cheerfully ignore the rule and connect without errors or at least errors that show in logviewer.

    I have functionality for the applications.

    Luk's failing site continues to work through firefox without a CA.

    Ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Thanks Ian for your tests. Without some developers looking at the issue, our hands are tied...