Forum Discussion
Edward Haynes
Dec 09, 2019 Copper Contributor
Dev build v80.0.345.0 cert validation fails with Zscaler ZApp
Since the update 80.0.345.0, lots of sites are failing to open due to an invalid certificate. If the site is using HSTS, click-through is prevented. We're using Zscaler and this seems t...
Edward Haynes
Dec 16, 2019 Copper Contributor
Looks like this is a Chromium 80 issue, Google Chrome dev 80.0.3987.7 is also affected.
jpellois
Dec 19, 2019 Copper Contributor
Answer from Zscaler support:
"
We are aware of that issue. There is a ticket opened internally for that (BUG-67731).
Certificate related issues seem to be only happening with Zscaler APP and Explicit Proxy mode (Dedicated Port, PAC file). When Client Hello is fragmented, we are not able to get the SNI from client hello.
Hence our outbound connection does not have SNI, which is causing issues with the certificate.
Everything works fine with transparent forwarding methods (IPSEC/GRE Tunnel).
Can you please get in contact with Microsoft and Google to get that checked?
Temporary solution for users who are using browsers based on Chromium 80 is adding affected URLs to SSL Inspection bypass list.
"
- Edward Haynes Dec 23, 2019 Copper Contributor
jpellois Thanks for the update.
Geoff165 Zscaler have given me much the same feedback, basically that they are working on a fix and to wait 🤷‍♂️
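The support reply quoted above says the proxy cannot read the SNI when the ClientHello is fragmented. The following is an added example, not code from this thread or from Zscaler: it contrasts a parser that assumes the first TLS record holds the whole ClientHello with one that buffers until the handshake message is complete. The thread does not say whether the fragmentation is across TCP segments or TLS records, so the example handles both; all function names and the sample ClientHello are constructed for illustration.

```python
import struct

def build_client_hello(host, pad):
    """Constructed sample ClientHello: padding extension first, then server_name."""
    name = host.encode()
    sni = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 21, pad) + bytes(pad) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def to_records(msg, size):
    """Split one handshake message across several TLS records (type 22)."""
    return b"".join(b"\x16\x03\x01" + struct.pack("!H", len(msg[i:i + size])) + msg[i:i + size]
                    for i in range(0, len(msg), size))

def parse_sni(body):
    """Walk a ClientHello body (after the 4-byte handshake header) to the SNI."""
    p = 34                                            # version + random
    p += 1 + body[p]                                  # session_id
    p += 2 + int.from_bytes(body[p:p + 2], "big")     # cipher_suites
    p += 1 + body[p]                                  # compression_methods
    p, end = p + 2, min(len(body), p + 2 + int.from_bytes(body[p:p + 2], "big"))
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        if p + 4 + elen > end:
            return None                               # extension cut off by fragmentation
        if etype == 0:                                # server_name extension
            nlen = int.from_bytes(body[p + 7:p + 9], "big")
            return body[p + 9:p + 9 + nlen].decode()
        p += 4 + elen
    return None

def naive_sni(stream):
    """Failure mode: assume the first record contains the whole ClientHello."""
    return parse_sni(stream[9:5 + int.from_bytes(stream[3:5], "big")])

class SniExtractor:
    """Buffers TCP chunks and TLS records until the ClientHello is complete."""
    def __init__(self):
        self.raw, self.hs = b"", b""
    def feed(self, chunk):
        self.raw += chunk
        while len(self.raw) >= 5 and len(self.raw) >= 5 + int.from_bytes(self.raw[3:5], "big"):
            rlen = int.from_bytes(self.raw[3:5], "big")
            self.hs, self.raw = self.hs + self.raw[5:5 + rlen], self.raw[5 + rlen:]
        if len(self.hs) < 4 or len(self.hs) < 4 + int.from_bytes(self.hs[1:4], "big"):
            return None                               # keep waiting instead of connecting without SNI
        return parse_sni(self.hs[4:4 + int.from_bytes(self.hs[1:4], "big")])
```

A `None` from `feed` means "need more bytes", so an inspecting proxy built this way delays its outbound connection until the name is known rather than opening it without SNI.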