I have see a couple of alerts from my IDSM for signature 6005/0 "Unencrypted SSL Traffic." The target ip address is one of my ssl proxy ip addresses (on CSM-S) tcp port 443. An example of the unencrypted traffic sent:
GET http://www.yahoo.com/ HTTP/1.1.
I have seen 4 such triggers today (each to different url's) from the same "attacker" ip address. Can anyone tell me how or why this would be happening? Is this a possible bug with a web browser? Does anyone have a suggestion for where I can do further research on this?