texting pics not sending via wireless https proxy

I tried to send a pic of a CarFax and it would not send.
Sending and receiving plain texts are ok.

I'm not sure what to fix when looking at my logs;

2020-06-19 16:55:06 Allow 172.16.30.36 172.217.4.234 https/tcp 39865 443 30-Harvey Emp 4-Comcast Cable ProxyInspect: HTTPS Request categories (Wireless_HTTPS-proxy-00) HTTPS-Client.Gen-1 proc_id="https-proxy" rc="592" msg_id="2CFF-0001" proxy_act="HTTPS-Client.Gen-1" service="WebBlocker.lounge" cats="Images (Media)" dstname="semanticlocation-pa.googleapis.com" geo_dst="USA" Traffic

2020-06-19 16:55:06 pxy 0xa927a50-51199 70: 172.16.30.36:39865 -> 172.217.4.234:443 [A t] {N}: Accept SSL Error [ret 0 | SSL err 1 | Details: ssl3_read_bytes/sslv3 alert certificate unknown] Domain: semanticlocation-pa.googleapis.com PFS: ALLOWED | ALLOWED Debug

2020-06-19 16:55:06 https-proxy 0xa927a50-51199 177371728:51199: nondata event 'SSL_FAILED: 70: 172.16.30.36:39865 -> 172.217.4.234:443 [A t] {N}' Debug

2020-06-19 16:55:06 https-proxy 0xa927a50-51199 70: 172.16.30.36:39865 -> 172.217.4.234:443 [A t] {N} | 98: 10.1.10.101:39865 -> 172.217.4.234:443 [B t] {X}[]: Connection closing on SSL failure (Domain: semanticlocation-pa.googleapis.com) Debug

2020-06-19 16:55:06 Allow 172.16.30.36 172.217.4.234 https/tcp 39865 443 30-Harvey Emp 4-Comcast Cable Allowed 60 63 (Wireless_HTTPS-proxy-00) proc_id="firewall" rc="100" msg_id="3000-0148" src_ip_nat="10.1.10.101" tcp_info="offset 10 S 3944585687 win 65535" route_type="PBR" geo_dst="USA" Traffic

I'm thinking it's got something to do with the "SSL failure" but not sure how to fix that issue.
I put *.textnow.me as an exception but it's not helping with pictures being sent through textnow.
Without the added logging (debug) all my logs are "allowed".

Comments

  • What XTM version are you running?

    From the docs:
    "The SSLv3 protocol is not secure, and it is not supported in Fireware 12.4 and higher."

  • Sorry; XTM 515, 12.1.3u3, AP120

    I should turn that off?

  • Since it is not secure - Yes

Sign In to comment.