Cisco Bug: CSCur56988 - SSL AO chaining from HTTP CONNECT should work without DNS
Sep 13, 2019
- Cisco Wide Area Application Services (WAAS) Appliances
Known Affected Releases
5.1(1h) 5.3(5c) 5.4(1a)
Symptom: In some environments no devices on the network can resolve outside hostnames, except the HTTP proxies. All HTTPS traffic is going through HTTP proxies using the hostname in the CONNECT statement. All of this works, however SSL AO requires that we activate on the IP of the server,not the hostname. So SSL AO chaining cannot work in this setup as the WAAS devices cannot resolve the hostname of the server. We should allow this scenario to work Conditions: The core WAAS device cannot resolve the hostname used in the CONNECT HTTP command.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases