Cannot access SSL website when corporate proxy use man-in-the-middle attack to analyze SSL traffic
Our company uses a proxy which analyzes SSL traffic on some web sites. This is done via man-in-the-middle attack. The proxy generates a new certificate on the fly that it sends to the client, impersonating a secure server. After upgrading on Firefox 10.0 I always get error: HTTP Error Status: 400 Bad Request after confirmation of security exception.
Giải pháp được chọn
Maybe this is related to bug fixes of the BEAST (Browser Exploit Against SSL/TLS) attack
- bug 702111 - Servers intolerant to 1/n-1 record splitting. "The connection was reset" (see also comment 60)
Tất cả các câu trả lời (2)
Giải pháp được chọn
Maybe this is related to bug fixes of the BEAST (Browser Exploit Against SSL/TLS) attack
- bug 702111 - Servers intolerant to 1/n-1 record splitting. "The connection was reset" (see also comment 60)
This does not appear to be the same problem. In bug 702111 the page https://store.toto-dream.com/toto/member/ToHPLogin.do could not be opened. I can open this page without problem and the form is shown. The problem I have seems to be related to proxy which analyze SSL traffic generating a certificate on the fly. Usually in these case Firefox gives a security warning. Before version 10.0 I was able to continue and open the page but now after accepting I got the error: "HTTP Error Status: 400 Bad Request"