Facebook application will indicate login failure message when I login Facebook via android.

book

Article ID: 194282

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Facebook application will indicate login failure message when I login Facebook via android.

 

Cause

The android clients unexpectedly responds with [FIN, ACK]  after Server Hello message from ProxySG.

Environment

Deployment method  Transparent. Explicit.
ProxySG Software - SGOS 7.2.1.1

 

Resolution

Exempt Facebook Applications from SSL Interception.
You can define the Facebook as application if you have BCWF/BCIS subscription.

Example of CPL code. (BCWF/BCIS required)

<ssl-intercept>
 request.application.name=Facebook ssl.forward_proxy(no)

Additional Information

Sample PCAP.

Transparent proxy

Source        Destination 

Client IP 31.13.82.1 TCP 66 54666  >  443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
31.13.82.1 Client IP TCP 66 443  >  54666 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 SACK_PERM=1 WS=64
Client IP 31.13.82.1 TCP 60 54666  >  443 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
31.13.82.1 Client IP TCP 54 [TCP Window Update] 443  >  54666 [ACK] Seq=1 Ack=1 Win=1049728 Len=0
Client IP 31.13.82.1 TLSv1.3 271 Client Hello
31.13.82.1 Client IP TCP 54 443  >  54666 [ACK] Seq=1 Ack=218 Win=1049472 Len=0
31.13.82.1 Client IP TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data, Application Data
31.13.82.1 Client IP TLSv1.3 279 Application Data, Application Data
Client IP 31.13.82.1 TCP 60 54666  >  443 [ACK] Seq=218 Ack=1686 Win=2102272 Len=0
Client IP 31.13.82.1 TLSv1.3 78 Application Data
Client IP 31.13.82.1 TCP 60 54666  >  443 [FIN, ACK] Seq=242 Ack=1686 Win=2102272 Len=0
31.13.82.1 Client IP TCP 54 443  >  54666 [ACK] Seq=1686 Ack=243 Win=1049728 Len=0
31.13.82.1 Client IP TCP 54 443  >  54666 [FIN, ACK] Seq=1686 Ack=243 Win=1049728 Len=0
Client IP 31.13.82.1 TCP 60 54666  >  443 [ACK] Seq=243 Ack=1687 Win=2102272 Len=0

 

Explicit proxy

Source        Destination 

Client IP 10.0.80.80 TCP 51026  >  8080 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=326269336 TSecr=0 WS=128
10.0.80.80 Client IP TCP 8080  >  51026 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=26035141 TSecr=326269336 WS=64
Client IP 10.0.80.80 TCP 51026  >  8080 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=326269338 TSecr=26035141
10.0.80.80 Client IP TCP [TCP Window Update] 8080  >  51026 [ACK] Seq=1 Ack=1 Win=1049792 Len=0 TSval=26035143 TSecr=326269338
Client IP 10.0.80.80 HTTP CONNECT b-api.facebook.com:443 HTTP/1.1 
10.0.80.80 Client IP HTTP HTTP/1.1 200 Connection established 
Client IP 10.0.80.80 TCP 51026  >  8080 [ACK] Seq=98 Ack=40 Win=64256 Len=0 TSval=326269341 TSecr=26035145
Client IP 10.0.80.80 TLSv1.3 Client Hello
Client IP 10.0.80.80 TLSv1.3 Change Cipher Spec, Application Data
10.0.80.80 Client IP TCP 8080  >  51026 [ACK] Seq=40 Ack=594 Win=1049280 Len=0 TSval=26035152 TSecr=326269347
10.0.80.80 Client IP TLSv1.3 Server Hello, Change Cipher Spec, Application Data
10.0.80.80 Client IP TLSv1.3 Application Data, Application Data, Application Data
Client IP 10.0.80.80 TCP 51026  >  8080 [ACK] Seq=594 Ack=3038 Win=64128 Len=0 TSval=326269429 TSecr=26035233
Client IP 10.0.80.80 TLSv1.3 Application Data
Client IP 10.0.80.80 TCP 51026  >  8080 [FIN, ACK] Seq=618 Ack=3038 Win=64128 Len=0 TSval=326269431 TSecr=26035233 
10.0.80.80 Client IP TCP 8080  >  51026 [ACK] Seq=3038 Ack=619 Win=1049792 Len=0 TSval=26035235 TSecr=326269430
10.0.80.80 Client IP TCP 8080  >  51026 [FIN, ACK] Seq=3038 Ack=619 Win=1049792 Len=0 TSval=26035236 TSecr=326269430
Client IP 10.0.80.80 TCP 51026  >  8080 [ACK] Seq=619 Ack=3039 Win=64128 Len=0 TSval=326269435 TSecr=26035236

Attachments