|Applies To||RSA Product Set: Security Analytics|
Platform: Bluecoat SSL Visibility
|Issue||Traffic between Google Chrome and Google services, such as Gmail, can no longer be decrypted by SSLV and result in an Invalid MAC error. |
The user sees the Chrome browser report This webpage is not available, with an ERR_CONNECTION_CLOSED message.
This issue affects both Windows and MAC versions of Chrome. Safari and Firefox do not appear to be affected.
|Cause||This change in behavior is due to Google enabling new TLS extensions not supported by SSL v3, specifically signed_cert_timestamp and extended_master_secret.|
|Workaround||A cut-through rule should be added in the appliance's policy for *.google.com to allow for successful connections to Google services.|
|Notes||Bluecoat SSL visibility is used to decrypt encrypted traffic before it is sent to the packet decoder for capturing.|
RSA used to sell the SSL visibility appliance to customers so we support issues that happen to the SSL Visibility.