Some websites which are not SSL intercepted are no longer accessible.

Edge SWG (formerly ProxySG) with SSL interception disabled for the failing site.

• The site matches a rule in policy to be tunneled such as ssl.forward_proxy(no) or ssl.forward_proxy(https, on_exception)
• No unknown TLS extensions in the Client Hello
• An unknown key exchange method (e.g. X25519Kyber768Draft00) is offered by the client browser and the server selects that unknown key exchange (e.g. X25519Kyber768Draft00)

Google Chrome Browser implemented TLS 1.3 hybridized Kyber support. Other browsers are also using Kyber support. Kyber768 quantum-resistant key agreement algorithm for TLS 1.3 and QUIC connections to protect Chrome TLS traffic against quantum cryptanalysis. The Edge SWG device had a defect that resulted in server certificate validation failure.

A fix for the issue marked as SG-38735 has been delivered in versions 7.3.17.4; 7.3.18.4; 7.3.19.3; 7.3.20.2; 7.4.3.2 and 7.4.4.2

Fro earlier releases the following workaround is available:

• Intercept affected site - i.e. ssl.forward_proxy(https)

-OR-

• Disable the unknown key exchange in the browser (e.g. disable Kyber by going to chrome://flags/#enable-tls13-kyber and disabling the TLS 1.3 hybridized Kyber support in Chrome) 

For more information, see this article at BleepingComputer:

https://www.bleepingcomputer.com/news/security/google-chromes-new-post-quantum-cryptography-may-break-tls-connections/