I've got a Toon Thermostat that creates an OpenVPN connection to the Eneco datacenter for transmitting the usage data. As soon as I enable the SSL/TLS inspection, the display shows "no connection to service center". I've created a rule that says "don't decrypt" for that specific host and even the complete network, but still it fails on connecting. I guess this problem will occur for more IoT devices when the SSL/TLS engine is turned on. When it doesn't connect, there is nothing visible in the SSL/TLS inspection log viewer except for "do not decrypt".
Just to be sure:
You are running EAP3 Refresh1?
Does it work if you disable "all" SSL rules?
Yes, I'm running Refresh 1.
OpenVPN sends a couple of packets of its own protocol before actually initiating the TLS connection with a Client Hello packet. In EAP3-refresh we impose strict protocol restrictions on port 443 and port 80 to prevent their use for tunnelling arbitrary protocols, and these extra packets cause us to identify this as non-compliant.
In EAP3 refresh, this issue can be fixed by taking the following steps:
1. Log on to your firewall via ssh, or use the link in the Admin UI to open the device console (admin > Console, in the top right-hand corner)
2. Select option 4 (Device Console)
3. At the console> prompt, enter the following command:
set http_proxy relay_invalid_http_traffic on
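To show why a "do not decrypt" rule cannot help here, the following is an added example (not Sophos code and not from this thread) that models the port-443 check the reply describes: a connection whose first bytes are a TLS ClientHello gets the SSL/TLS rule applied, while OpenVPN's own TCP framing arrives before any ClientHello and is classified as non-compliant regardless of the rule, unless invalid traffic is relayed. The verdict function, its verdict strings and both byte samples are constructed assumptions, not the firewall's actual implementation.

```python
import struct

TLS_HANDSHAKE = 0x16                # TLS record type: handshake
TLS_CLIENT_HELLO = 0x01             # handshake message type: ClientHello
OPENVPN_HARD_RESET_CLIENT_V2 = 7    # OpenVPN opcode (upper 5 bits of first payload byte)


def is_tls_client_hello(data: bytes) -> bool:
    """True if the bytes start a TLS record that carries a ClientHello."""
    return (len(data) >= 6
            and data[0] == TLS_HANDSHAKE
            and data[1] == 0x03 and data[2] <= 0x04   # record version 3.x
            and data[5] == TLS_CLIENT_HELLO)


def is_openvpn_tcp_control(data: bytes) -> bool:
    """True if the bytes look like OpenVPN over TCP: a 2-byte big-endian
    length prefix, then an opcode byte whose upper 5 bits are the client
    hard-reset opcode that opens every OpenVPN session."""
    if len(data) < 3:
        return False
    (plen,) = struct.unpack("!H", data[:2])
    return plen == len(data) - 2 and (data[2] >> 3) == OPENVPN_HARD_RESET_CLIENT_V2


def port443_verdict(first_segment: bytes, decrypt_rule: str, relay_invalid: bool) -> str:
    """Assumed model of the proxy's decision for a new port-443 connection.
    Only a TLS ClientHello ever reaches the SSL/TLS rule; everything else
    is non-compliant and is dropped unless invalid traffic is relayed."""
    if is_tls_client_hello(first_segment):
        return "inspect" if decrypt_rule == "decrypt" else "pass-through"
    kind = "openvpn" if is_openvpn_tcp_control(first_segment) else "unknown"
    return f"relay:{kind}" if relay_invalid else f"drop:{kind}"


# Constructed sample: TLS record header (type 0x16, version 3.1, length 0xc4)
# followed by handshake type 0x01 (ClientHello); the remaining bytes are padding.
TLS_SAMPLE = bytes.fromhex("160301 00c4 01 0000c0 0303") + b"\x00" * 32

# Constructed sample: OpenVPN TCP frame, length 14, opcode byte 0x38
# (P_CONTROL_HARD_RESET_CLIENT_V2 = 7, key_id 0), 8-byte session id,
# packet-id array length 0, 4-byte packet id 0.
OPENVPN_SAMPLE = bytes.fromhex("000e 38 0011223344556677 00 00000000")

if __name__ == "__main__":
    for name, sample in (("thermostat (OpenVPN)", OPENVPN_SAMPLE), ("browser (TLS)", TLS_SAMPLE)):
        for relay in (False, True):
            print(f"{name:22s} relay_invalid={relay!s:5s} ->",
                  port443_verdict(sample, "do-not-decrypt", relay))
```

With `relay_invalid_http_traffic` off, the thermostat's first segment is dropped before the "do not decrypt" rule is ever consulted, which is why the log viewer shows nothing useful.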