Understand how SWG Proxy Handles Non-Standard HTTPS Requests

Available Languages

Download Options

  • PDF     (5.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (81.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (66.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 31, 2025
Document ID:225344

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how SWG Proxy processes non-standard HTTPS requests and outlines required client compliance.

    Overview

    Umbrella relies on the TLS SNI extension to discover the destination domain and determine if an HTTPS request requires decryption or bypass from decryption using Selective Decryption Lists. The client must comply with TLS standards as defined in relevant RFCs. Most well-known browsers comply with these standards and Umbrella supports them.

    Common Questions

    Can SWG Proxy Process Non-Standard HTTPS Web Requests?

    No. The HTTPS request fails if the client does not perform a basic TLS handshake. For example, if the Client Hello or Server Hello exchange is missing, the request cannot complete.

    Can Disabling HTTPS Inspection or Adding the Domain in Question to Selective Decryption List Help?

    No, these actions do not resolve the issue.

    Solution

    You must bypass the SWG Proxy completely for the non-standard HTTPS site in question.

    Revision History

    Revision Publish Date Comments
    1.0
    31-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products