Facebook and Instagram Applications Do Not Work When the ProxySG/ASG Appliances Intercept Traffic (2024)

Users cannot access these applications because the SSL Proxy ciphers do not overlap with the incoming client's cipher list. This affects ProxySG/ASG appliances running SGOS 6.5.x, 6.6.x, or 6.7.x.

In cases where the client hello has cipher suites we can support, but upstream an unsupported cipher is chosen, we can renegotiate taking out the unsupported cipher only in a second request. In this case, the upstream would be downgraded to make the connection possible. However,Facebook/Instagram mobile applications are enforced to only use TLS 1.3, which only has three cipher suites.Currently, the ProxySG/ASG appliances will only support TLS 1.3 if it will downgrade the connection and process as TLS 1.2. The application sends only three ciphers, which does not allow the proxy to downgrade from TLS 1.3 to TLS 1.2.

See Also
Facebook Messenger, Instagram to only get end-to-end encryption by 2023: Here’s whyInstagram makes encrypted direct messaging available in Ukraine and Russia | TechCrunchLe Mode Vanish : Utilisation sur Messenger et Instagram2023 Instagram Algorithm Solved: How to Get Your Content Seen

Example Log Output

1787.163 SSLW 21BFD381D0 (6380FDB0): shutdown: SSL Worker previous state 2, error code 15, line 540
1787.163 SSLW 21BFD381D0 (6380FDB0): Unknown client SSL ciphers(error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) for ssl://31.13.72.8:443/
1787.161 SSLW 212704D1D0 (4C40FB21): SSL Intercept URL: "ssl://216.58.211.10:443/"
1787.159 SSLW 2111CFE1D0 (3E40F92F): No SSL intercept decision for ssl://mvm.snapchat.com:443/
1787.159 SSLW 2111CFE1D0 (3E40F92F): SSL Proxy URL: "ssl://mvm.snapchat.com:443/"
1787.159 SSLW 2111CFE1D0 (3E40F92F): Intercept property set to no for *.snapchat.com
1787.158 SSLW 1E057151D0 (4C00FB21): shutdown: SSL Worker previous state 2, error code 15, line 540
1787.158 SSLW 1E057151D0 (4C00FB21): Unknown client SSL ciphers(error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) for ssl://31.13.72.8:443/

In this example log file, the following three incoming cipher lists in the client hello from the Android mobile devices are not present in the SSL Proxy's cipher list.

Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)


To compare the list of cipher suites the mobile devices use to the suites the ProxySG/ASG appliances are shipped with, see Cipher Suites Shipped With the ProxySG and ASG Appliances and compare the IANA name or the hex value of the mobile device suites.

Facebook and Instagram Applications Do Not Work When the ProxySG/ASG Appliances Intercept Traffic (2024)
Top Articles
TAVECCHIACOIN
Are All Debt Solutions Right For You? - Debt Consolidation USA
Cheap Flights from Kinshasa to Los Angeles - Cheapflights.co.uk
Miracle or mirage? Atmospheric rivers end California drought year with heavy snow and rain
Latest Posts
India’s fintech revolution is primed to put banks out of business | TechCrunch
Financial Icon Jacob Rothschild Passes Away at 87: Legacy Beyond Numbers
Article information

Author: Amb. Frankie Simonis

Last Updated:

Views: 6332

Rating: 4.6 / 5 (56 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Amb. Frankie Simonis

Birthday: 1998-02-19

Address: 64841 Delmar Isle, North Wiley, OR 74073

Phone: +17844167847676

Job: Forward IT Agent

Hobby: LARPing, Kitesurfing, Sewing, Digital arts, Sand art, Gardening, Dance

Introduction: My name is Amb. Frankie Simonis, I am a hilarious, enchanting, energetic, cooperative, innocent, cute, joyous person who loves writing and wants to share my knowledge and understanding with you.