cancel
Showing results for 
Search instead for 
Did you mean: 

GMAIL & SSL Issues

We are running into some issues with Gmail and the SSL Scanner. I think Gmail has updated their SSL cipher and we are seeing the following issues across all browsers:

  • We can't delete emails
  • If we are able to delete emails, the next time we load Gmail all the deleted messages are still in our inbox

If I bypass the SSL scanner in MWG for mail.google.com then everything works fine. The issue with this is that we block uploads/downloads in Gmail and if we bypass the scanner our upload block rule no longer works.

Does anyone have any workarounds to get this working but keep blocking uploads/downloads?

Thanks!

6 Replies
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: GMAIL & SSL Issues

Wondering, recheck/validate MWG configuration:

McAfee Corporate KB - How to configure Web Gateway to control access to Google consumer services KB7...

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

Re: GMAIL & SSL Issues

Thank tao, but we want to allow access to consumer Gmail. Just not allow uploads.

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 4 of 7

Re: GMAIL & SSL Issues

Understood, just was wondering if you had any rule sets in place - perhaps review them again, just to rule them out.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers

Re: GMAIL & SSL Issues

Gotcha, I'll play around with it a bit but I haven't had much luck so far. Whitelisting it to bypass the SSL scanner is the only that that's fixing it.

Re: GMAIL & SSL Issues

Using the developer tools in a browser can be very useful when some background element is getting a block page or, in this case, a handshake failure.  You can look at the HTTP status text, as it will have the "Block Reason" from the block settings. 

Copy the blocked URL's and pull them up directly in the browser, so that you can examine the error text. 

If includes "unsafe legacy renegotiation", then you need settings (you can have multiple settings) that have checked "Allow handshake and renegotiation with servers that do not implement RFC 5746". 

I've only found a few sites that don't like "Send empty plaintext fragment".  You'll need "Allow legacy signatures in the handshake" checked for SHA1. 

And, there are plenty of sites that will just drop a connection if you allow SSLv3, even if you have all the TLS versions check.

Form there, it's all about the ciphers.

Highlighted

Re: GMAIL & SSL Issues

Thanks for the help johnaldridge.

I've actually tried changing some of the inspection (I've narrowed the issue down to "Enable Content Inspection" rule) options but no luck. I worked with a tech and changed some of the cipher options, but again to no avail. It seems that the content inspection is stalling the connection to Gmail.

I'm looking at the developer tools and when I look at the Security tab I notice that some are Unknown / Canceled:

DevTools1.PNG

So then I click on one and go to the Network Panel and it appears to be stalling:

DevTools2.PNG

I still can't figure out why it's stalling. I'm not sure where I should look next?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community