Google Services are Not Decrypted when Accessed from Chrome

Created On 09/25/18 17:41 PM - Last Modified 06/01/23 07:56 AM


Resolution


Problem

SSL decryption is configured for all Google services.
However, when the Chrome browser is used to launch any service provided by Google, the decryption doesn't work.
When we check the session details, we can see the traffic being identified as quic.

 

Cause

Google uses the experimental QUIC protocol to provide a faster SSL user experience.
QUIC works over udp/80 and udp/443. Since this is not standard TLS/SSL traffic, the firewall cannot decrypt it.

 

Solution

We need to fall back to TLS/SSL to get the decryption working.
Options available:

  1. Disable quic on the Chrome browser.
    To do this, open a new tab in Chrome and type chrome://flags in the address bar.
    Go to Experimental QUIC protocol.
    Change to Disabled. Default action is Enabled.
    Restart the browser.
  2. Deny quic in the firewall using a security policy.
  3. Deny udp/80 and udp/443 traffic using a security policy.

Note: When quic is disabled, the Chrome browser falls back to traditional TLS/SSL.
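
Options 2 and 3 expressed as PAN-OS configuration-mode commands. This is an added example, not part of the original article: the zone names (trust, untrust), the rule names and the service object name are assumptions to be replaced with your own, and the lines starting with # are annotations for the reader, not commands.

```text
# Added example; names and zones below are placeholders (assumptions).
# Enter configuration mode first with: configure

# Option 2: deny the quic application by App-ID.
set rulebase security rules Deny-QUIC-App from trust to untrust source any destination any source-user any category any application quic service application-default action deny

# Option 3: deny udp/80 and udp/443 regardless of the identified application.
set service svc-udp-80-443 protocol udp port 80,443
set rulebase security rules Deny-QUIC-UDP from trust to untrust source any destination any source-user any category any application any service svc-udp-80-443 action deny

# Deny rules must sit above any rule that would allow this traffic.
move rulebase security rules Deny-QUIC-UDP top
move rulebase security rules Deny-QUIC-App top

commit

# After the commit, from operational mode, confirm that no quic sessions remain:
#   show session all filter application quic
```

Once QUIC is blocked, new browser sessions to Google services should appear as TCP/443 SSL sessions that match the decryption policy.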



Additional Information


QUIC is also enabled on the Edge browser by default. It can be disabled as follows.

1. Type edge://flags in the address bar.
2. Go to "Experimental QUIC protocol"
3. Change it from "Default" to "Disabled". (Default action is Enabled.)
4. Restart the browser.

