Guest

Preview Tool

Cisco Bug: CSCuo17909 - WSA does not support elliptic_curves and ec_point_formats extensions

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

7.5.2-HP2-303 8.0.7-142 8.0.8-MR-113 8.5.1-021 8.5.2-027

Description (partial)

Symptom:
When going to https site that uses elliptic_curves and ec_point_formats extensions in their client hellos the WSA does not support those extensions which causes the webserver to reset the connection.

Conditions:
When comparing the client's HELLO with the proxy's HELLO, the clients contain these extensions:
 
 Extension: ec_point_formats
 Extension: elliptical_curves
 
 where the proxy's does not.

Related Community Discussions

<key>CSCuo17909</key> - WSA does not support elliptic_curves and ec_point_formats extensions
So, what are we supposed to do when a CDN starts using SSL settings like this? Bypassing akamai's networks doesn't sound very tempting.
Latest activity: Feb 01, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.