Because Google uses a wildcard certificate for its many domains and
properties, it has not been possible to use certain Google applications
that are not SNI-compatible (such as the Google Drive desktop app) while
simultaneously blocking access to sites such as YouTube without
implementing SSL Decryption on your Cipafilter.
Typically SSL Decryption allows the Cipafilter to intercept, decrypt,
and filter traffic by using a custom self-signed certificate. However,
the Google Drive desktop application employs certificate pinning
to force the use of its own security certificate rather than the
Cipafilter-generated certificate that is saved in a computer's
certificate store. Because the Google Drive desktop app does not allow
certificates to be added or modified, the app will not function in a
standard SSL Decryption environment.
Google has provided the googledrive.com domain to allow the Google
Drive desktop app to function in a standard SSL Decryption environment.
Simply add googledrive.com to the SSL Decryption Settings for the
appropriate group(s) on the Group Permissions page to exempt this domain
from SSL Decryption. Once this is done, the Google Drive desktop app
should function correctly.
* Please note that this only applies to the Google Drive desktop application. The web application is fully compatible with standard filtering.