Cisco Bug: CSCum00386 - Unsupported algorithms/ciphers are incorrectly treated as non-SSL

Last Modified

Nov 27, 2020

Products (1)

  • Cisco IronPort Web Security Appliance Software

Known Affected Releases

7.5.2-118 7.7.0-608 8.0.0-Beta1-280

Description (partial)

Symptom:
If the remote server supports TLS v1 but does not offer any of the ciphers we support in our probe, the WSA treats the connection as non-SSL.
This prevents a passthru action on the HTTPS proxy in the decryption policy from working.

Conditions:
In the case the customer reported, the server accepted only TLSv1 and a GOST cipher. The WSA does not yet support GOST (CSCzv91934). As a consequence, we fail to negotiate the SSL handshake. If blocking of non-SSL traffic on the HTTPS port is then enabled, the session will be dropped even though the server and client would support algorithms/ciphers which the WSA does not.
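The distinction the symptom turns on, sketched as an added example (not Cisco's code, and not a description of how the WSA probe is implemented): a server that rejects a probe's cipher list still answers with a TLS alert record, which can be told apart from a genuinely non-TLS reply. The function names, verdict strings and policy actions are hypothetical, and the sample byte strings are constructed.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
# Alert descriptions a server may send when it rejects a ClientHello
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def classify_probe_reply(data: bytes) -> str:
    """Classify the first bytes a server returns after a ClientHello probe."""
    if not data:
        return "no-reply"          # closed without data: inconclusive, not proof of non-TLS
    if len(data) < 5:
        return "inconclusive"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # SSL 3.0 / TLS 1.x records carry version 3.x and a bounded length field
    if major != 3 or minor > 4 or length == 0 or length > 16384 + 2048:
        return "non-tls"
    if ctype == CONTENT_HANDSHAKE:
        return "tls"
    if ctype == CONTENT_ALERT and length == 2 and len(data) >= 7:
        level, desc = data[5], data[6]
        if level in (1, 2):        # warning or fatal
            return "tls-unsupported:" + ALERTS.get(desc, f"alert_{desc}")
    return "non-tls"

def policy_action(reply: bytes, block_non_ssl: bool) -> str:
    """Hypothetical policy: only genuinely non-TLS traffic hits the non-SSL block."""
    verdict = classify_probe_reply(reply)
    if verdict == "non-tls":
        return "drop" if block_non_ssl else "allow"
    if verdict.startswith("tls-unsupported"):
        return "passthrough"       # TLS, but the middlebox cannot negotiate it
    if verdict == "tls":
        return "apply-decryption-policy"
    return "retry-probe"

# Constructed sample replies (not captured traffic)
ALERT_HANDSHAKE_FAILURE = bytes.fromhex("15030100020228")  # TLS 1.0 fatal alert 40
SERVER_HELLO_START = bytes.fromhex("160301004a02000046")   # start of a ServerHello record
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n"               # plain HTTP on port 443

if __name__ == "__main__":
    for name, reply in [("alert", ALERT_HANDSHAKE_FAILURE),
                        ("server-hello", SERVER_HELLO_START),
                        ("http", HTTP_REPLY)]:
        print(name, classify_probe_reply(reply), policy_action(reply, True))
```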