Preview Tool

Cisco Bug: CSCur56988 - SSL AO chaining from HTTP CONNECT should work without DNS

Last Modified

Sep 13, 2019

Products (1)

  • Cisco Wide Area Application Services (WAAS) Appliances

Known Affected Releases

5.1(1h) 5.3(5c) 5.4(1a)

Description (partial)

In some environments no devices on the network can resolve outside hostnames, except the HTTP proxies.

All HTTPS traffic is going through HTTP proxies using the hostname in the CONNECT statement.

All of this works, however SSL AO requires that we activate on the IP of the server,not the hostname. So SSL AO chaining cannot work in this setup as the WAAS devices cannot resolve the hostname of the server.

We should allow this scenario to work

The core WAAS device cannot resolve the hostname used in the CONNECT HTTP command.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.