ATP500 SSL INSPECTION 4.55

sk8erbender
sk8erbender Posts: 74  Ally Member
edited April 2021 in Security
Hello everyone! Since the 4.55 update we have had issues with SSL inspection enabled.
Everyone who has SSL inspection enabled gets long loading times for web pages.
Switching to another firmware, 4.50, with the same configuration, there is no problem.

Where to dig?

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    It could be related to SSL inspection RSA key length. 
    What is your device RSA key on V4.55? 1024-bit or 2048-bit? (rsa-1024 is faster than rsa 2048.)
     
    Check ssl-inspection key length:
    Router> show ssl-inspection status


  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    Cert is 2048 while the SSL settings use 1024.

    Should I create a 1024 cert?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Does this issue occur on Mac OS or Windows OS?
    Based on my understanding, if your client is Mac OS 10.15, the OS only trusts RSA keys greater than or equal to 2048 bits.
    In this case, you need to adjust the key length to RSA2048.
    Adjust ATP key length
             
    Requirements for trusted certificates in iOS 13 and macOS 10.15
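
A way to confirm which RSA key length an exported SSL-inspection certificate actually carries, and whether it meets the 2048-bit minimum cited above for macOS 10.15 clients. This is an added example, not part of the original thread or Zyxel's tooling; the function names and the throwaway self-signed sample certificates are assumptions constructed for illustration, and it needs the `openssl` command-line tool.

```sh
#!/bin/sh
# Added example (not from the thread): check an exported inspection
# certificate (PEM) against the 2048-bit RSA minimum mentioned above.
MIN_RSA_BITS=2048

# Print the public-key size in bits; prints nothing if the file is unreadable.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the public-key algorithm name, e.g. rsaEncryption or id-ecPublicKey.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Return 0 if RSA and long enough, 1 if RSA but too short,
# 2 if the file is unreadable or the key is not RSA.
check_inspection_cert() {
    cic_alg=$(cert_key_alg "$1")
    cic_bits=$(cert_key_bits "$1")
    if [ "$cic_alg" != "rsaEncryption" ] || [ -z "$cic_bits" ]; then
        echo "$1: unreadable or not an RSA certificate"
        return 2
    fi
    if [ "$cic_bits" -ge "$MIN_RSA_BITS" ]; then
        echo "$1: RSA $cic_bits bits, meets the $MIN_RSA_BITS-bit minimum"
        return 0
    fi
    echo "$1: RSA $cic_bits bits, below the $MIN_RSA_BITS-bit minimum"
    return 1
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = RSA key size in bits, $2 = output PEM path (key goes to $2.key).
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$2.key" \
        -subj "/CN=constructed-inspection-ca-$1" -days 1 -out "$2" 2>/dev/null
}

# Usage: sh check_cert.sh exported-inspection-cert.pem
if [ "$#" -gt 0 ]; then
    check_inspection_cert "$1"
fi
```

Run it against the certificate exported from the firewall, or against the issuer certificate a client sees on an inspected connection, rather than relying on the configured setting alone.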
