E2Guardian: Failed to negotiate ssl connection to client
- 
 Create a new alias in the firewall + alias section 
 into
 Add your bypass domains like d.dropbox.com, client.dropbox.com
 then this alias is the name
 Bypass Proxy for These Destination IPs
 Write to section
 this is how I work using dropbox
- 
 Create a new alias in the firewall + alias section 
 into
 Add your bypass domains like d.dropbox.com, client.dropbox.com
 then this alias is the name
 Bypass Proxy for These Destination IPs
 Write to section
 this is how I work using dropboxcan I use *.dropbox.com instead of specifying the subdomain ? 
- 
 Create a new alias in the firewall + alias section 
 into
 Add your bypass domains like d.dropbox.com, client.dropbox.com
 then this alias is the name
 Bypass Proxy for These Destination IPs
 Write to section
 this is how I work using dropboxcan I use *.dropbox.com instead of specifying the subdomain ? no but 
 It would be better if there was another partition to do the ssl bypass and if the domains could be written
 because it is a bit unstable when you add the alias section
 marcello maybe can.
- 
 What is the relationship of adding Pass Rule in the firewall for that sites while I am using E2Guardian for filtering ? 
- 
 You are bypassing e2Guardian because ssl is a filtering problem 
 e2Guardian with firewall rule is very different things
 e2Guardian squidGuard alternative content filter software
 and much faster
- 
 ok. so d.dropbox.com, client.dropbox.com is already known as you gave it to me. but what about other sites that our 3rd party application use. How will I know them ? 
- 
 I see and bypass the access log 
 Why do you want the ssl filter so much
 I do not install SSL certificates in some institutions
 It can make very stable filter while loading (http and https)
 only in the https sites are banned warning does not come
- 
 e2guardian can only intercept https sites but some applications like dropbox and skype user same port 443 but with another protocol(most proprietary). That's why you can't intercept it. You can try to include skype.com and dropbox.com on e2guardian exception list to do not intercept these connections or add on firewall alias like susamlicubuk posted. 
- 
 e2guardian can only intercept https sites but some applications like dropbox and skype user same port 443 but with another protocol(most proprietary). That's why you can't intercept it. You can try to include skype.com and dropbox.com on e2guardian exception list to do not intercept these connections or add on firewall alias like susamlicubuk posted. Its SSL pinning, the developers of these programs bake the CA cert into the program so that fake certs like the ones from E2 Guardian cannot be used to intercept traffic. 
- 
 so to block dropbox, skype, yahoo messenger is to mitm ssl disrupting connection and to allow them under mitm ssl connection is to place them on exemption, right? 
- 
 so to block dropbox, skype, yahoo messenger is to mitm ssl disrupting connection and to allow them under mitm ssl connection is to place them on exemption, right? Pretty much, yes. Although if you completely want to block them, use banned list and don't rely on the SSL pinning to block it as the developers of the platform can change things. 
