[2015.10.4.2233] Possible conflicts between Web shield and Client certification

[NON]

Hello all,


I got a report that suggests a possible conflict between Web Shield and Client certification because of HTTPS scan.
The conflict was reported by a Japanese user who uses Banking website with own client certificate.

The issue is as follows:

- Normally, client certification could be done with only one attempt of showing user's own client certificate to the website.
- With Avast 2015.10.4.2233, first 3 attempts always fail. After 3 failed attempts, certification could be done normally until reboot.
- Disabling HTTPS scan or downgrade to 10.2.2218 solves the issue.

The environment is as follows:

Avast Pro Antivirus 2015.10.4.2233
Windows 7 Pro SP1
Internet Explorer 10.0.9200.17492
* IE10 is used because IE11 is only partially supported by the banking website.


I feel this is somehow related to the missing intermediate certificate and browser trying to certify the certificate chain one by one.
I'm willing to get an input from one of the developers from Avast.


Thanks,
NON

[REDACTED]

Hello

I am getting similar issue with SSL. My French Bank (CIC CMC) is in discussion with Avast because Avast has a strange behaviour trying to replace the bank ssl certificate by its own one. As this is not safe for the bank, it is generating an error. If we make a second try it will always work.

Avast does not seem to reply to the bank knowing they know the issue for almost one month.

Best,

Julien