Problem:


When using the Google Drive, Dropbox, or WhatsApp web client software with SSL Inspection turned 'on', the connection breaks and the software does not synchronize. 


Cause:


When Google Drive, Dropbox, or WhatsApp desktop apps attempt to connect to its respected server, they expect to receive a valid certificate as a result of the SSL Pinning implementation. With iSheriff SSL inspection enabled, where iSheriff acts as 'Man-in-the-Middle', the apps receive an untrusted root certificate from iSheriff, which iSheriff uses to resign requests causing the connection to drop and synchronization to fail.


Resolution:

  1. Add the following URLs (as needed) to the iSheriff Service Bypass list located under Filter Management > Web Filter > Setup > Connection Bypass in the iSheriff UI.

Google Drive:


    • drive.google.com
    • googledrive.com

Dropbox:

  • dropbox.com

WhatsApp:

  • whatsapp.com

2.  Save Settings.

3.  Wait for iSheriff endpoint protection to update policy (automatically updated every 10 minutes) or manually reload policy within the iSheriff local endpoint manager for settings to take effect immediately.

4. Restart your app(s) and test synchronization.


References:


https://blogs.dropbox.com/dropbox/2014/06/weve-got-your-back/

https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning