How and I add multiple SSL exceptions

How and I add multiple SSL exceptions

Postby gomi » Tue Oct 06, 2015 3:28 pm

Hi,

it seems the SSL excpetions is a radio button, and I can't select multiple exceptions.

Thankls
gomi
 
Posts: 7
Joined: Thu Jan 26, 2012 2:34 pm

Re: How and I add multiple SSL exceptions

Postby Gangadhar » Sat Oct 10, 2015 4:05 pm

Yes options are radio buttons. You cannot select multiple error levels.
Options are not exceptions those are levels of exceptions.
The error levels are mentioned in increasing order.
If you allow a particular error level in SSL inspection then SafeSquid excepts errors which are up to that level.

The error levels associated as follows
X509_V_OK = 0
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2
X509_V_ERR_UNABLE_TO_GET_CRL = 3
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = 4
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = 5
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = 6
X509_V_ERR_CERT_SIGNATURE_FAILURE = 7
X509_V_ERR_CRL_SIGNATURE_FAILURE = 8
X509_V_ERR_CERT_NOT_YET_VALID = 9
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_CRL_NOT_YET_VALID = 11
X509_V_ERR_CRL_HAS_EXPIRED = 12
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = 15
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 16
X509_V_ERR_OUT_OF_MEM = 17
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 19
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21
X509_V_ERR_CERT_CHAIN_TOO_LONG = 22
X509_V_ERR_CERT_REVOKED = 23
X509_V_ERR_INVALID_CA = 24
X509_V_ERR_PATH_LENGTH_EXCEEDED = 25
X509_V_ERR_INVALID_PURPOSE = 26
X509_V_ERR_CERT_UNTRUSTED = 27
X509_V_ERR_CERT_REJECTED = 28
X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29
X509_V_ERR_AKID_SKID_MISMATCH = 30
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = 31
X509_V_ERR_KEYUSAGE_NO_CERTSIGN = 32
X509_V_ERR_APPLICATION_VERIFICATION = 50

So if you select X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN in the SSL inspection section then all the errors below to it are allowed.
The listing is done on basis of error severity. If you decide to give exception to self signed certificates then there is nothing wrong in giving exceptions to the errors below than that.
Regards,
Gangadhar Akula
Team Lead, SafeSquid Labs.
Gangadhar
 
Posts: 5
Joined: Thu Mar 21, 2013 12:12 pm
Location: Mumbai,Maharashtra, India

Re: How and I add multiple SSL exceptions

Postby gomi » Sat Oct 10, 2015 4:23 pm

OK thanks
gomi
 
Posts: 7
Joined: Thu Jan 26, 2012 2:34 pm


Return to SafeSquid for Windows

Who is online

Users browsing this forum: No registered users and 0 guests

cron