You want to understand the impact of RFC 9842 (Compression Dictionary Transport) on Symantec Edge SWG traffic inspection. There were concerns that dictionary-based compression could affect the ability of the Edge SWG to perform accurate file typing and content analysis.

Broadcom analysis and testing confirm that the current Chrome and Edge browser implementation of RFC 9842 requires a publicly-trusted root for TLS certificates. Because Edge SWG acts as a TLS-intercepting proxy and re-signs traffic using a locally-installed CA certificate, dictionary compression is automatically disabled by the chromium browser implementation.

• Symantec Edge Security Web Gateway (Edge SWG)
• Google Chrome browser
• Edge Browser
• Mozilla Firefox browser
• Apple Safari browser

RFC 9842 introduces a compression method that uses pre-negotiated dictionaries. However, security mechanisms within modern browsers prevent this feature from activating when a proxy intercepts and re-signs the TLS connection with a private or local Certificate Authority (CA).

No policy changes or configuration updates are required for Edge SWG to handle RFC 9842 traffic.

Dictionary compression does not impact file typing or content analysis for Edge SWG customers because:

1. Chrome Implementation: Dictionary compression is disabled when the browser detects a TLS-intercepting proxy re-signing traffic with a locally-installed CA certificate.
2. Edge Implementation: Dictionary compression is disabled when the browser detects a TLS-intercepting proxy re-signing traffic with a locally-installed CA certificate.
3. Firefox Implementation: Dictionary compression is disabled by default.
4. Safari Implementation: The RFC 9842 standard has not yet been implemented in Safari.

Broadcom is monitoring the ongoing progression of RFC 9842 to ensure that Edge SWG customers maintain full visibility and the ability to inspect web traffic as the standard evolves.