Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
problem https transparent proxy when open facebook
« previous
next »
Print
Pages: [
1
]
Author
Topic: problem https transparent proxy when open facebook (Read 5575 times)
rokoman
Newbie
Posts: 1
Karma: 0
problem https transparent proxy when open facebook
«
on:
May 15, 2018, 09:38:22 pm »
See attach error
Logged
kevin192291
Newbie
Posts: 9
Karma: 0
Re: problem https transparent proxy when open facebook
«
Reply #1 on:
July 23, 2018, 05:22:27 pm »
Hey Rokoman, I am trying to get an ssl proxy working too. I am not 100% sure, but I have come to believe that this is due to SSL Pinning
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
The reason I want an ssl proxy is so I can scan viruses, and I would say that Facebook is safe. you can exclude it and it should work just fine. It is also recommended that you exclude any banking/known secure sites from ssl interception too
Logged
franco
Administrator
Hero Member
Posts: 17678
Karma: 1613
Re: problem https transparent proxy when open facebook
«
Reply #2 on:
July 24, 2018, 08:13:10 am »
It looks like there is already a MITM going on on a Cisco device in front of the OPNsense. This shouldn't be facebook's CA chain.
Cheers,
Franco
Logged
proofy
Newbie
Posts: 3
Karma: 0
Re: problem https transparent proxy when open facebook
«
Reply #3 on:
December 03, 2018, 11:47:29 am »
It's because of the new TLS 1.3. Facebook already uses this on the servers. Even if you don't change the encrypted content, the logging of the SNI information will probably change the header so that a TSL 1.3 capable browser (correctly) displays an error. Adding now all domains that use TLS 1.3 as an exception is not a practical way.
But I can't think of a simple solution either.
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: problem https transparent proxy when open facebook
«
Reply #4 on:
December 03, 2018, 12:34:41 pm »
Force downgrade to 1.2 when possible ...
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
proofy
Newbie
Posts: 3
Karma: 0
Re: problem https transparent proxy when open facebook
«
Reply #5 on:
December 04, 2018, 03:11:10 pm »
How to force TLS 1.2 in squid 3.X ?
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: problem https transparent proxy when open facebook
«
Reply #6 on:
December 04, 2018, 05:44:12 pm »
Not needed, on OPNsense an older version of OpenSSL/LibreSSL is used, which has no TLS 1.3 support. Frank and I are already waiting for it because we need a newer version for our plugins (HAProxy and nginx).
In your case you should try to find out who is responsible for the man in the middle in your network as it is the only issue.
TLS 1.3 is backward compatible to TLS 1.2 because some middle boxes would break otherwise btw.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
problem https transparent proxy when open facebook