No announcement yet.

SSL decrypt exception: Insufficient buffer remaining

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL decrypt exception: Insufficient buffer remaining

    Hi, We are a school with some 200 students. Been running UT for 5 years, & SSL Inspector for 2 years - SSL Ins been a little buggy but works OK to allow us to monitor what the kids are searching on in YouTube & the common SE's. That's all we need, so we bypass (ignore) all other SSL traffic usually based on SNI Host name.

    Lately we've been seeing lots of "SSL decrypt exception: Insufficient buffer remaining" errors on various non Search-Engine sites that I thought should have been bypassed by our rules. (Inspect All SSL Traffic rule is unchecked). The certificate displayed on the partially painted page was the Untangle Cert.

    So my question is "Does UT need to do any decryption before it can work out the SNI host name, or in other words, would this SSL decrypt exception cause SSL inspector not to determine the SNI Host Name and thus not bypass the site for SSL inspection ? Would there be any use trying an Ignore rule based on Cert Subject instead ?

  • #2
    I would open a support ticket so we can monitor the resources during the event. I have not seen that before.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]


    • #3
      Thanks - I'll do that, but I'd better just first check that I didn't make an error in specifying the conditions in the Ignore rule.