iOS MAIL app HTTPS decryption exception

Hello Everyone,

From my experience so far, it looks like most iOS apps, whether 3rd party or not, simply don't work with SSL decryption enabled. At least Safari accepts the HTTPS signing CA.

My latest challenge is finding what I need to exempt to get the iOS Mail default app to work again. Below is what appeared in the web filtering log at the time I attempted to check mail when SSL decryption is disabled. I tried creating exceptions for all of these but it still isn't working with SSL decryption enabled. Any ideas from those who have encountered this before?

No Decryption

2015:10:03-17:36:22 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.12" dstip="184.51.0.41" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6463" request="0xe8e3000" url="init-p01st.push.apple.com/.../x-apple-plist"

2015:10:03-17:36:23 *** httpproxy[14760]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.0.12" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2507" request="0xa00f000" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="199191" cattime="41715" avscantime="0" fullreqtime="472953" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-17:36:26 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.236.37" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5319" request="0xb073000" url="p18-keyvalueservice.icloud.com/" referer="" error="" authtime="0" dnstime="8" cattime="297" avscantime="0" fullreqtime="422287" device="0" auth="0" ua="" exceptions="" category="170" reputation="trusted" categoryname="Personal Network Storage"
2015:10:03-17:36:28 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.236.37" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5319" request="0xca42800" url="p18-keyvalueservice.icloud.com/" referer="" error="" authtime="0" dnstime="7" cattime="360" avscantime="0" fullreqtime="281168" device="0" auth="0" ua="" exceptions="" category="170" reputation="trusted" categoryname="Personal Network Storage"
2015:10:03-17:36:51 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.173.254.14" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5538" request="0xc9c9000" url="service.gc.apple.com/" referer="" error="" authtime="0" dnstime="26569" cattime="30587" avscantime="0" fullreqtime="31208286" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-17:36:52 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.173.254.14" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2371" request="0xe71eb800" url="service.gc.apple.com/" referer="" error="" authtime="0" dnstime="7" cattime="317" avscantime="0" fullreqtime="31667619" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-17:37:06 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.236.37" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6544" request="0xd15d800" url="p18-keyvalueservice.icloud.com/" referer="" error="" authtime="0" dnstime="684" cattime="294" avscantime="0" fullreqtime="251610" device="0" auth="0" ua="" exceptions="" category="170" reputation="trusted" categoryname="Personal Network Storage"
2015:10:03-17:37:40 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.230.4" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4014" request="0xd51a800" url="guzzoni.apple.com/" referer="" error="" authtime="0" dnstime="8" cattime="323" avscantime="0" fullreqtime="245651" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-17:37:45 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.230.4" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6835" request="0xa206800" url="guzzoni.apple.com/" referer="" error="" authtime="0" dnstime="63755" cattime="304" avscantime="0" fullreqtime="5251182" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-17:37:50 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.12" dstip="17.151.230.4" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (No Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4014" request="0xa1b3000" url="guzzoni.apple.com/" referer="" error="" authtime="0" dnstime="8" cattime="290" avscantime="0" fullreqtime="679647" device="0" auth="0" ua="" exceptions="av,ssl"



With Decryption enabled:

2015:10:03-20:41:27 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="172.16.28.104" dstip="17.151.230.4" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4137" request="0xa379800" url="guzzoni.apple.com/" referer="" error="" authtime="0" dnstime="25943" cattime="288" avscantime="0" fullreqtime="5383013" device="0" auth="0" ua="" exceptions="av,ssl"

2015:10:03-20:41:29 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="172.16.28.104" dstip="17.151.227.29" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5322" request="0xe2158800" url="p16-keyvalueservice.icloud.com/" referer="" error="" authtime="0" dnstime="43674" cattime="300" avscantime="0" fullreqtime="268354" device="0" auth="0" ua="" exceptions="ssl" category="170" reputation="trusted" categoryname="Personal Network Storage"
2015:10:03-20:41:39 *** httpproxy[14760]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.16.28.104" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2507" request="0xce19800" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="48937" cattime="290" avscantime="0" fullreqtime="307143" device="0" auth="0" ua="" exceptions="av,ssl"
2015:10:03-20:41:42 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="172.16.28.104" dstip="17.151.227.29" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5321" request="0xc7bb800" url="p16-keyvalueservice.icloud.com/" referer="" error="" authtime="0" dnstime="7" cattime="26218" avscantime="0" fullreqtime="188056" device="0" auth="0" ua="" exceptions="ssl" category="170" reputation="trusted" categoryname="Personal Network Storage"
2015:10:03-20:41:45 *** httpproxy[14760]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="172.16.28.104" dstip="17.151.227.80" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4174" request="0xc933800" url="p16-mailws.icloud.com/" referer="" error="" authtime="0" dnstime="7" cattime="364" avscantime="0" fullreqtime="149042" device="0" auth="0" ua="" exceptions="ssl" category="170" reputation="trusted" categoryname="Personal Network Storage"

Thank you!
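A way to compare captures like the two above, as an added example that is not part of the original post: it parses the key="value" fields, groups CONNECT requests by host, and lists hosts that were blocked or had no `ssl` exception applied. It assumes the `exceptions` field lists the checks skipped for that request, and it groups the `p16-`/`p18-` style prefixes under a hypothetical `pNN-` key because that number differs between the two captures; the `mail.example.test` line is constructed.

```python
import re
from collections import defaultdict

# Three lines trimmed from the post's "With Decryption enabled" capture, plus one
# constructed line (mail.example.test) showing a host with no SSL exception.
SAMPLE_LOG = """\
2015:10:03-20:41:27 *** httpproxy[14760]: id="0001" action="pass" method="CONNECT" statuscode="200" url="guzzoni.apple.com/" error="" exceptions="av,ssl"
2015:10:03-20:41:39 *** httpproxy[14760]: id="0002" action="block" method="CONNECT" statuscode="502" url="courier.push.apple.com/" error="Host not found" exceptions="av,ssl"
2015:10:03-20:41:45 *** httpproxy[14760]: id="0001" action="pass" method="CONNECT" statuscode="200" url="p16-mailws.icloud.com/" error="" exceptions="ssl"
2015:10:03-20:41:50 *** httpproxy[14760]: id="0001" action="pass" method="CONNECT" statuscode="200" url="mail.example.test/" error="" exceptions=""
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
SHARD = re.compile(r"^p\d+-")  # p16-/p18- style prefix seen on the icloud.com hosts

def parse_line(line):
    """Return the key="value" fields of one httpproxy line as a dict."""
    return dict(FIELD.findall(line))

def summarize_connects(log_text):
    """Group CONNECT requests by host and record exception and block state."""
    hosts = defaultdict(lambda: {"requests": 0, "ssl_exempt": True, "errors": set()})
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("method") != "CONNECT" or "url" not in fields:
            continue
        host = fields["url"].split("/", 1)[0].split(":", 1)[0].lower()
        entry = hosts[SHARD.sub("pNN-", host)]  # pNN- is a grouping key, not a real host
        entry["requests"] += 1
        applied = {e for e in fields.get("exceptions", "").split(",") if e}
        if "ssl" not in applied:
            entry["ssl_exempt"] = False  # at least one request was decrypted
        if fields.get("action") == "block":
            entry["errors"].add(fields.get("error") or fields.get("statuscode", ""))
    return dict(hosts)

def needs_attention(summary):
    """Hosts that were decrypted or blocked, with the reason for each."""
    findings = []
    for host, entry in sorted(summary.items()):
        if not entry["ssl_exempt"]:
            findings.append((host, "no ssl exception applied"))
        for err in sorted(entry["errors"]):
            findings.append((host, "blocked: " + err))
    return findings

if __name__ == "__main__":
    for host, reason in needs_attention(summarize_connects(SAMPLE_LOG)):
        print(host, "-", reason)
```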


  • Glad you found something that works for you!  Generally I only decrypt sites that I want to block, and sites that are "uncategorized\new domains" to utilize the AV scanning and guarantee blocking.  This also has the added benefit of keeping unnecessary overhead at bay.

    Have a good one!