Scanning secured connections breaks SSL certificate authentication

[REDACTED]

I guess it is expected (that it stops working, see subject) as the server identifies itself now as Avast MITM but it should be noted somewhere. Am I correct?

[tumic]

What do you mean by "breaks SSL certificate authentication"? Certificte authentication
still works in your browser, only the issuer certificate is different (the original is checked
by the webshield).

There is some older technical info available for this topic at:
http://public.avast.com/~tuma/techinfo/

[REDACTED]

OK, I should have been more precise. SSL client certificate authentication does not work as the session is being set up between client and Avast (MITM) and not proxied to true destination SSL server. So in cases where server requests SSL client certificate Avast MITM does not send any because it does not have client’s private key anymore.

[.: Mac :.]

Can you give some example of the service you are trying to authenticate to? Are you able to connect with web shield disabled?

[REDACTED]

For example https://portal.t-systems.cz and yes, with Scanning secured connections disabled I can authenticate with my client certificate.

[tumic]

OK, I should have been more precise. SSL client certificate authentication does not work as the session is being set up between client and Avast (MITM) and not proxied to true destination SSL server. So in cases where server requests SSL client certificate Avast MITM does not send any because it does not have client’s private key anymore.

Yes, for servers that require client certificates you have to add an exception to the webshield at the moment.