Community Help Hub

chanatip · ‎01-04-2015

Hi guys,

We can't access web hotmail and I don't know that what happen ? The rule policy not block. Please see capture screen detail below.

Regards,

Sarm

mekafir · ‎01-04-2015

Yes, same thing to me here today.

The SSL handshake could not be performed.

Host: login.live.com
Reason: error:00000000:lib(0):func(0):reason(0)

But when I bypassed the proxy, everything is working as normal.

asabban2 · ‎01-05-2015

Hello,

I can replicate the problem. This is a known problem with some SSL sites which should be solved in the near future. For the meantime there is a workaround described here:

It describes how to apply a workaround for several web sites which are added to a list. If you add the rule described and add "login.live.com" to the associated list access will work.

Best,

Andre

jscholte · ‎01-05-2015

Also described in the POODLE guide! There is a subtle difference with the ciphers in Andre's link though.

Best Regards,

Jon

mekafir · ‎01-05-2015

Hm.. so in this case I'm confused.

by creating the workaround above, it means that the security policy for the clients in our domain is lowered down as the workaround until Microsoft or Hotmail change their settings?

So when should I remove this exception / work around ?

jscholte · ‎01-05-2015

Hi Meka,

If you follow the POODLE guide, it's not a workaround it's the overall fix so there is no need to maintain or remove anything.

Best Regards,

Jon

mekafir · ‎01-05-2015

Thanks, Jon.

I'm following the guide up to the point of

"If URL.Host is in list "TLS 1.0 Fallback Hosts" Then Stop Rule Set and use our "Certificate Verification with TLS 1.0 Fallback" setting for SSL Scanner""

but somehow I cannot find the AND button to click to select the SSL scanner setting?

see below screenshot:

jscholte · ‎01-05-2015

You should be looking at the rule criteria not the action.

For simplicity sake, please follow the POODLE guide ().

The guide Andre mentioned has you create a list that you must maintain, the POODLE guide updates the default rules to use the suggested settings.

Best Regards,

Jon

mekafir · ‎01-05-2015

yes Thank you , all of the Microsoft Passport sites are all working with your method 🙂

login.live.com
loginnet.passport.com
msnia.login.live.com
pst.microsoftpassportsupport.net
api.login.live.com
tools.login.live.com
xml.login.live.com
nexus.passport.com
login.passport.com
msnialogin.passport.com

So I guess in this case I will now have to maintain the list of SSL 3.0 site exceptions which may be required by the users.

asabban2 · ‎01-05-2015

Hello,

I wasn't aware of the POODLE guide, you definitely want to go for it.

My version is - as stated - a workaround only for specific sites. I was assuming this behaviour is caused by a problem which will be fixed in a later MWG version, in such situations you may want to go for a temporary workaround 🙂

Best,

Andre

Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Re: Mcafee Web Gateway cannot access web hotmail

Community Help Hub

Join the Community