Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to display certain HTTPS websites in Firefox and Chrome when connecting through InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 17 Apr 2017
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

Some HTTPS websites are not displayed by Chrome or Firefox but are displayed by Internet Explorer when connecting through IWSVA using HTTPS decryption.

  • Chrome will display the following error message:

    This site can't be reached

    error_chrome

  • Firefox will display the following error message:

    Secure Connection Failed 

    error_firefox

 
If TLS 1.0 and TLS 1.1 are disabled in the Internet Options of Windows, Internet Explorer will not display these websites either (this is also the case for some websites if only TLS 1.0 has been disabled).
Details
Public

The issue occurs when the web server hosting the website does not support TLS 1.2 and IWSVA is set to connect to the web server with the same SSL method as the client. Chrome and Firefox will always try to connect to a web server with TLS 1.2 first. If the connection from IWSVA to the web server via TLS 1.2 fails, Chrome and Firefox will close the connection rather than try again with a different SSL method.

To resolve the issue, you can customize the settings for the SSL method used by IWSVA so that IWSVA will try to connect to the web server with a different SSL method if it does not support TLS 1.2. This way, browsers such as Chrome and Firefox will not close the connection.

  1. Log on to the web console and go to HTTP > HTTPS Decryption Settings > SSL Method.
  2. Tick the Customize SSL setting radio button then select the following checkboxes:

    • Under Client SSL Method:

      • TLSv1.2
      • TLSv1.1
      • TLSv1.0

    • Under Server SSL Method:

      • TLSv1.2
      • TLSv1.1
      • TLSv1.0

    SSL method

    Click image to enlarge

  3. Click Save.
 
Allowing IWSVA to connect to a website using TLS 1.0 and/or TLS 1.1 slightly decreases security. However, this is neccesary if you want to allow users to connect to websites which do not support TLS 1.2.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1116854
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.