How is Airtel Blocking Even https:// Sites?

apuw · Sep 29, 2017

@Sushubh I was recently getting a NET::ERR_CERT_AUTHORITY_INVALID error on websites due to some configuration error on a Cisco product used by my LCO. This certificate was being used: Cisco Umbrella Secondary SubCA hkg-SG

This Google forum post describes my issue: exactly Google Groups

The error has since been resolved by contacting the LCO.

Any idea which Cisco product they are using and why?

Sushubh · Sep 29, 2017

this is something that @x720 might know something about. i am not really into these things.

x720 · Sep 29, 2017

From what I know, Cisco Umbrella provides DNS level security/filtering. Here's a nice video from Cisco. I'm guessing your ISP did not set up the policy correctly, leading to legit sites also getting blocked.

apuw · Sep 30, 2017

@x720 You are probably right. I knew instantly that it was a problem from the LCO's side as I had previously seen phishing websites getting blocked by OpenDNS which I do not use. The certificate issue is there again and the LCO is still trying to fix it.

It is probably a configuration problem on a network device which is corrupting the secure certificate chain and leading to the aforementioned certificate errors.

liverpool79 · Jun 1, 2018

Since last 1 week i'm unable to access T P B: Firefox can’t find the server at....

Tried pinging and can't find host.Should i change to Google DNS on my device?

Sushubh · Jun 1, 2018

if it does not work with https... VPN is probably the only alternative.
dns services usually do not change this behavior.

warpspeed · Jun 1, 2018

Airtel and other ISP's are blocking https sites by blacklisting the SNI which is usually sent in plain text before the actual encryption happens. VPN seems to be the last resort.

Sushubh · Jun 1, 2018

would dns over https (or tls?) fix this issue? 😀

warpspeed · Jun 1, 2018

Not really. Using cloudflare DNS over https for the past few months and It has been a hit and miss. Some sites work and while some don't. It all depends on how often they update their blacklist 😀

Sushubh · Jun 1, 2018

i thought you needed to something more to get secure dns. android p has integrated support. windows require usage of third party app like dnscrypt?

warpspeed · Jun 1, 2018

Yes! Android P supports only DNS over TLS and has been standardized recently. It could take some time for widespread adoption. DNSCrypt on the other hand works slightly different and it is not a standard. Probably that's why there wasn't any vendor support.

How is Airtel Blocking Even https:// Sites?

apuw

Sushubh

Admin

x720

Incoherent Poster

apuw

liverpool79

Newbie

Sushubh

Admin

warpspeed

To Infinity and Beyond!

Sushubh

Admin

warpspeed

To Infinity and Beyond!

Sushubh

Admin

warpspeed

To Infinity and Beyond!

Similar threads