Cisco Bug: CSCuw50244 - HTTPS sites fail with TLS 1.2 on 9.0 if server hello has EC extension

Last Modified

Mar 08, 2018

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

9.0.0-485

Description (partial)

Symptom:
Access to HTTPS websites that send "Extension: elliptic_curves" in the server hello fails when only TLS 1.2 is used.

When access to an HTTPS website fails, the access logs show a 502 like the one below:
------------------------------------------ 
1443689374.008 625 10.150.52.63 TCP_MISS/502 39 CONNECT tunnel://www.example.com:443/ - DIRECT/www.example.com - DECRYPT_xxxx_xx-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.50,0,-,"-","-",-,"-",-,-,"-","-"> -

Conditions:
1) WSA running AsyncOS version 9.0.0-485
2) TLS 1.2 enabled on WSA
3) Fallback disabled on WSA (default)
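
To find candidate sites for this symptom, the access logs can be scanned for CONNECT requests that returned 502 under a DECRYPT decision, grouped by destination host. The script below is an added example, not Cisco code; it assumes the whitespace-separated field positions seen in the sample entry above, and its sample lines (including the PASSTHRU tag) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the access-log entry above
# (hosts, clients and the PASSTHRU tag are made up for illustration).
SAMPLE_LOG = """\
1443689374.008 625 10.150.52.63 TCP_MISS/502 39 CONNECT tunnel://www.example.com:443/ - DIRECT/www.example.com - DECRYPT_xxxx_xx-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5> -
1443689380.120 598 10.150.52.70 TCP_MISS/502 39 CONNECT tunnel://www.example.com:443/ - DIRECT/www.example.com - DECRYPT_xxxx_xx-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5> -
1443689391.441 210 10.150.52.63 TCP_MISS/200 5120 CONNECT tunnel://portal.example.org:443/ - DIRECT/portal.example.org - DECRYPT_xxxx_xx-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_comp,0.9> -
1443689402.003 95 10.150.52.63 TCP_MISS/502 39 CONNECT tunnel://files.example.net:443/ - DIRECT/files.example.net - PASSTHRU_xxxx_xx-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <IW_fts,0.2> -
truncated line
"""

TUNNEL_RE = re.compile(r"^tunnel://([^:/]+):(\d+)/?$")

def parse_line(line):
    """Split one entry into the fields used here; None if it does not fit."""
    f = line.split()
    if len(f) < 11 or "/" not in f[3]:
        return None
    m = TUNNEL_RE.match(f[6])
    return {
        "client": f[2],
        "status": f[3].rpartition("/")[2],
        "method": f[5],
        "host": m.group(1) if m else None,
        "decision": f[10],  # assumed position, taken from the sample entry
    }

def decrypt_502_by_host(log_text):
    """Per host: count of 502 CONNECTs under a DECRYPT decision, and the clients hit."""
    hits = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["host"] is None:
            continue
        if (rec["method"] == "CONNECT" and rec["status"] == "502"
                and rec["decision"].startswith("DECRYPT_")):
            hits[rec["host"]]["count"] += 1
            hits[rec["host"]]["clients"].add(rec["client"])
    return dict(hits)

if __name__ == "__main__":
    for host, info in decrypt_502_by_host(SAMPLE_LOG).items():
        print(host, info["count"], sorted(info["clients"]))
```

A host in the result is only a candidate: a 502 on a decrypted CONNECT can have other causes, so confirm against the conditions listed above.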
