We can't access web hotmail and I don't know that what happen ? The rule policy not block. Please see capture screen detail below.
Yes, same thing to me here today.
|The SSL handshake could not be performed.|
But when I bypassed the proxy, everything is working as normal.
I can replicate the problem. This is a known problem with some SSL sites which should be solved in the near future. For the meantime there is a workaround described here:
It describes how to apply a workaround for several web sites which are added to a list. If you add the rule described and add "login.live.com" to the associated list access will work.
Hm.. so in this case I'm confused.
by creating the workaround above, it means that the security policy for the clients in our domain is lowered down as the workaround until Microsoft or Hotmail change their settings?
So when should I remove this exception / work around ?
If you follow the POODLE guide, it's not a workaround it's the overall fix so there is no need to maintain or remove anything.
"If URL.Host is in list "TLS 1.0 Fallback Hosts" Then Stop Rule Set and use our "Certificate Verification with TLS 1.0 Fallback" setting for SSL Scanner""
but somehow I cannot find the AND button to click to select the SSL scanner setting?
see below screenshot:
So I guess in this case I will now have to maintain the list of SSL 3.0 site exceptions which may be required by the users.
I wasn't aware of the POODLE guide, you definitely want to go for it.
My version is - as stated - a workaround only for specific sites. I was assuming this behaviour is caused by a problem which will be fixed in a later MWG version, in such situations you may want to go for a temporary workaround :-)