Does Dropbox work with SWG SSL scanning?


This article applies to:

  • SWG 10.x

Question:

  • Does Dropbox work with SWG SSL scanning?

Reply:

Yes, but the only way that drop box will work with the SWG is if SSL scanning is bypassed for Dropbox. In the dropbox help it is suggested that you create an HTTPS bypass list that you can add Dropbox to so that it will not be scanned by the SWG. 

Dropbox was not designed to work with an SLL proxy. When drop box makes a connection to the client it refuses to use the OS root SSL certificates that’s provided to the drop box client (which is what the SWG uses in the event of a HTTPS connect). It then sends an encrypted alert stating that the certificate that is being served is “bad” and ends the connection. 

Notes:

Drop box help: 

“You have a proxy orfirewall blocking the Dropbox service Dropboxuses standard internet ports (80 and 443) to transfer data. However, manyfirewalls and security software will proactively block unauthorized or unknowninternet services. Add Dropbox to your proxy orfirewall settings as anexception to connect to the Dropbox service. “ 


Last Modified 11/24/2013.
https://support.trustwave.com/kb/KnowledgebaseArticle14437.aspx