Cisco Bug: CSCum00386 - Unsupported algorithms/ciphers are incorrectly treated as non-SSL
Nov 27, 2020
- Cisco IronPort Web Security Appliance Software
Known Affected Releases
7.5.2-118 7.7.0-608 8.0.0-Beta1-280
Symptom: If the remote server supports TLS v1 but does not offer any of the ciphers we support in our probe, the WSA treats the connection as non-SSL. This prevents a passthru action in the HTTPS proxy decryption policy from working.

Conditions: In the case the customer reported, the server accepted only TLSv1 and a GOST cipher. The WSA does not yet support GOST (CSCzv91934). As a consequence, we fail to negotiate the SSL handshake. If blocking of non-SSL traffic on the HTTPS port is enabled, the session is dropped even though the server and client support algorithms/ciphers that the WSA does not.
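The distinction the bug turns on, as an added example (not Cisco's code and not from the bug record): a server that rejects every offered cipher can still answer with a well-formed TLS alert record, which differs from a non-SSL reply. The function names, result labels and sample bytes are constructed for illustration, and the example assumes the server replies with an alert instead of silently closing the connection.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
ALERT, HANDSHAKE = 21, 22
# Alert descriptions meaning "this is TLS, but we share no usable parameters"
NO_COMMON_PARAMS = {40: "handshake_failure", 70: "protocol_version",
                    71: "insufficient_security"}
MAX_RECORD = 2**14 + 2048  # largest record length TLS 1.2 allows

def classify_probe_reply(data: bytes) -> str:
    """Classify the first bytes a server returns after a probe ClientHello."""
    if len(data) < 5:
        return "inconclusive"  # closed or too short: not proof of non-SSL
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Without a plausible TLS record header the peer really is non-SSL.
    if ctype not in (ALERT, HANDSHAKE) or major != 3 or minor > 4 \
            or length > MAX_RECORD:
        return "non-ssl"
    body = data[5:5 + length]
    if ctype == HANDSHAKE:
        # Handshake message type 2 is ServerHello.
        return "tls-negotiable" if body[:1] == b"\x02" else "tls-other"
    # Alert body is (level, description).
    if len(body) >= 2 and body[1] in NO_COMMON_PARAMS:
        return "tls-unsupported-params"
    return "tls-other"

def proxy_decision(data: bytes, block_non_ssl: bool) -> str:
    """Hypothetical policy step: only genuinely non-SSL traffic is dropped."""
    kind = classify_probe_reply(data)
    if kind == "non-ssl":
        return "drop" if block_non_ssl else "allow-as-non-ssl"
    # Any TLS peer, including one whose ciphers the proxy cannot negotiate,
    # goes on to the decryption policy, where a passthru action can apply.
    return "evaluate-decryption-policy"

# Constructed sample replies (not captured traffic)
FATAL_HANDSHAKE_FAILURE = bytes([21, 3, 1, 0, 2, 2, 40])
TRUNCATED_SERVER_HELLO = bytes([22, 3, 1, 0, 4, 2, 0, 0, 0])
PLAIN_HTTP = b"HTTP/1.1 400 Bad Request\r\n"
```

A probe that collapses `tls-unsupported-params` into `non-ssl` reproduces the symptom: with non-SSL blocking enabled the session is dropped before the passthru rule is ever consulted.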