Preview Tool

Cisco Bug: CSCuq54631 - CX - TLS Proxy Terminates Connection due to OOO FIN-ACK From Web Server

Last Modified

Nov 27, 2020

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.2(1) 9.3(1.2.4)

Description (partial)

Certain web sites may fail to load when HTTPS traffic for the website data is decrypted by the CX module and the web server sends an out of order FIN-ACK before sending the data to load the web page.

1.  Must be decrypting HTTPS traffic through the CX module
2.  Web server must send an out of order FIN ACK TCP packet prior to sending the web site data or it must be re-ordered during transit so that it is received out of order by the CX during packet processing
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.