TLS-INTERCEPTION: Sophos-Firewall blocks CAs in Google

Users of the Google Chrome browser are having trouble visiting HTTPS websites if a Sophos firewall is used. The browser shows certificate warnings saying that the communication isn't private.


I was notified about this topic via this tweet from Hans-Peter Holzer. He pointed out that the Chromium 58 browser won't accept certificates (CAs) if a Sophos firewall is installed (which is the case within his environment).

If a user visits a website via HTTPS, the following certificate warning is shown in Chromium.


This bug has been reported here since March 2017. The answer from Sophos support is straightforward: use another browser or deactivate HTTPS scanning in the Sophos firewall.


Sophos has published a short explanation of why this happens. This incident shows once again that third-party vendors should not inspect HTTPS communication; we have seen many cases where TLS interception has weakened HTTPS or systems. Last March, US-CERT issued the alert HTTPS Interception Weakens TLS Security.

