{"id":2691,"date":"2017-04-22T00:28:04","date_gmt":"2017-04-21T22:28:04","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2691"},"modified":"2020-12-13T08:01:17","modified_gmt":"2020-12-13T07:01:17","slug":"tls-interception-sophos-firewall-blocks-cas-in-google","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/04\/22\/tls-interception-sophos-firewall-blocks-cas-in-google\/","title":{"rendered":"TLS-INTERCEPTION: Sophos-Firewall blocks CAs in Google"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">Users of the Google Chrome browser are having trouble visiting HTTPS websites if a Sophos firewall is used. The browser shows certificate warnings saying that the communication isn't private. <\/p>\n<p><!--more--><\/p>\n<p>I was notified about this topic via <a href=\"https:\/\/twitter.com\/HanspeterHolzer\/status\/855000839127224320\" target=\"_blank\" rel=\"noopener\">this tweet<\/a> from Hans-Peter Holzer. He pointed out that the Chromium 58 browser won't accept certificates (CAs) if a Sophos firewall is installed (which is the case within his environment). <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Great! <a href=\"https:\/\/twitter.com\/googlechrome\">@googlechrome<\/a> 58 now distrusting all <a href=\"https:\/\/twitter.com\/hashtag\/MITM?src=hash\">#MITM<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/proxy?src=hash\">#proxy<\/a> CA. Cert pinning? Breaking corporate environments using <a href=\"https:\/\/twitter.com\/SophosSupport\">@SophosSupport<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/UTM?src=hash\">#UTM<\/a> etc. 
<a href=\"https:\/\/t.co\/i6T4zAyaIs\">pic.twitter.com\/i6T4zAyaIs<\/a><\/p>\n<p>\u2014 Hanspeter Holzer (@HanspeterHolzer) <a href=\"https:\/\/twitter.com\/HanspeterHolzer\/status\/854970185886949377\">20. April 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>If a user visits a website via <em>https<\/em>, the following certificate warning will be shown within Chromium. <\/p>\n<p><a href=\"https:\/\/i.imgur.com\/QatOEiv.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" title=\"SSL warning\" alt=\"SSL warning\" src=\"https:\/\/i.imgur.com\/QatOEiv.jpg\" width=\"641\" height=\"333\"><\/a><\/p>\n<p>This bug has been reported since March 2017 <a href=\"https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=700354#c7\" target=\"_blank\" rel=\"noopener\">here<\/a>. The answer from Sophos support is straightforward: use another browser or deactivate HTTPS scanning in the Sophos firewall. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/HanspeterHolzer\">@HanspeterHolzer<\/a> <a href=\"https:\/\/twitter.com\/googlechrome\">@googlechrome<\/a> <a href=\"https:\/\/twitter.com\/etguenni\">@etguenni<\/a> <a href=\"https:\/\/twitter.com\/golem\">@golem<\/a> <a href=\"https:\/\/twitter.com\/heisec\">@heisec<\/a> Hi At the moment the Work around is to disable HTTPS scanning or Use another Web Browser .^ ap<\/p>\n<p>\u2014 Sophos Support (@SophosSupport) <a href=\"https:\/\/twitter.com\/SophosSupport\/status\/854984578779545601\">20. 
April 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Sophos has published <a href=\"https:\/\/community.sophos.com\/products\/unified-threat-management\/f\/general-discussion\/91085\/https-scanning-web-protection-ssl-error-err_cert_common_name_invalid\/330113\" target=\"_blank\" rel=\"noopener\">a short explanation<\/a> of why this happens. This incident shows once again that third-party vendors should not inspect HTTPS communication \u2013 we have seen many cases where TLS interception has weakened HTTPS or systems. Last March, US-CERT issued the alert <a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/TA17-075A\" target=\"_blank\" rel=\"noopener\">HTTPS Interception Weakens TLS Security<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users of the Google Chrome browser are having trouble visiting HTTPS websites if a Sophos firewall is used. The browser shows certificate warnings saying that the communication isn't 
private.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[780,781,69,254,782],"class_list":["post-2691","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-chrome","tag-firewall","tag-security","tag-sophos","tag-tls"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=2691"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2691\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=2691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=2691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=2691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}