Cannot access SSL website when corporate proxy use man-in-the-middle attack to analyze SSL traffic
Our company uses a proxy which analyzes SSL traffic on some web sites. This is done via man-in-the-middle attack. The proxy generates a new certificate on the fly that it sends to the client, impersonating a secure server. After upgrading on Firefox 10.0 I always get error: HTTP Error Status: 400 Bad Request after confirmation of security exception.
Solution choisie
Maybe this is related to bug fixes of the BEAST (Browser Exploit Against SSL/TLS) attack
- bug 702111 - Servers intolerant to 1/n-1 record splitting. "The connection was reset" (see also comment 60)
Toutes les réponses (2)
Solution choisie
Maybe this is related to bug fixes of the BEAST (Browser Exploit Against SSL/TLS) attack
- bug 702111 - Servers intolerant to 1/n-1 record splitting. "The connection was reset" (see also comment 60)
This does not appear to be the same problem. In bug 702111 the page https://store.toto-dream.com/toto/member/ToHPLogin.do could not be opened. I can open this page without problem and the form is shown. The problem I have seems to be related to proxy which analyze SSL traffic generating a certificate on the fly. Usually in these case Firefox gives a security warning. Before version 10.0 I was able to continue and open the page but now after accepting I got the error: "HTTP Error Status: 400 Bad Request"