Article Content
Article Number | 000031844 | |
Applies To | RSA Product Set: Security Analytics Platform: Bluecoat SSL Visibility | |
Issue | Traffic between Google Chrome and Google services, such as Gmail, can no longer be decrypted by SSLV and result in an Invalid MAC error. The user sees the Chrome browser report This webpage is not available, with an ERR_CONNECTION_CLOSED message. This issue affects both Windows and MAC versions of Chrome. Safari and Firefox do not appear to be affected. | |
Cause | This change in behavior is due to Google enabling new TLS extensions not supported by SSL v3, specifically signed_cert_timestamp and extended_master_secret. | |
Resolution |
| |
Workaround | A cut-through rule should be added in the appliance's policy for *.google.com to allow for successful connections to Google services. | |
Notes | Bluecoat SSL visibility is used to decrypt encrypted traffic before it is sent to the packet decoder for capturing. RSA used to sell the SSL visibility appliance to customers so we support issues that happen to the SSL Visibility. |