SSL Inspection

2 min. readlast update: 07.02.2024

Many applications and services do not function correctly when their encrypted traffic is intercepted and subject to SSL inspection. This can lead to disruptions and service outages, necessitating exceptions in the SSL inspection policy. 

The reason for this is that compatibility issues with SSL/TLS encryption, especially in the context of SSL inspection, can be significant in specific environments. These issues arise when the normal flow of encrypted traffic is interrupted by a security device or system that decrypts, inspects, and re-encrypts the traffic. This process can sometimes conflict with how specific applications or services expect SSL/TLS to work, leading to various problems: 

  1. Custom Implementations: Some applications or custom implementations of SSL/TLS might not adhere to current standards. These applications can be particularly sensitive to changes in the encryption pathway, leading to connection issues or failures. 
  2. Encrypted Protocols Inside SSL/TLS: Some services tunnel other encrypted protocols within SSL/TLS. SSL inspection devices might be unable to correctly process or re-encrypt these nested protocols, causing failures or data corruption. 
  3. We have seen interference with the download process where the files can be corrupted on download. 
  4. Inspection can sometimes change the way the body is presented, causing issues with the verification of the response. 

ThreatLocker® may function without its traffic being excluded from SSL inspection. However, based on our experience, there is a possibility that customers using certain firewalls may need to exclude traffic to/from *.threatlocker.com from SSL inspection. If preferred, specific hosts can be excluded - apps.threatlocker.com, api.{instance}.threatlocker.com, core.threatlocker.com, updates.threatlocker.com, corecdn.threatlocker.com, upload.threatlocker.com.

Was this article helpful?