Cisco Bug: CSCvv62931 - FTD does not send Server Hello & Server Certificate to the client when src.port==dst.port

Last Modified

Oct 13, 2020

Products (1)

  • Cisco Firepower Management Center Virtual Appliance

Known Affected Releases

6.4.0.9

Description (partial)

Symptom:
When there is an SSL policy whose only rule is the default action, set to Do Not Decrypt (DnD), with no other rules configured:

During the SSL handshake, the "Server Hello, Certificate, Server Key Exchange, Server Hello Done" flight arrives split across several packets, one message per packet. When the source and destination ports are equal, the FTD misjudges the direction of the flow and sends the "Server Hello" and "Certificate" messages back toward the server. The client therefore never receives the complete set of messages (Server Hello, Certificate, Server Key Exchange, Server Hello Done) and the handshake fails.

This condition is seen when an SSL session is initiated with the same port number for both the source and the destination port.

Conditions:
- SSL policy with a Default Action only, set to Do Not Decrypt
- The source and destination ports are the same
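The following is an added example, not part of the Cisco bug record and not Cisco code, showing how a defender could check a packet summary for the condition described above: TLS sessions in which the source and destination ports are equal and Server Hello or Certificate messages are seen travelling toward the server rather than toward the client. The record layout, the sample packets and the assumption that misdirected messages appear on the wire with the server as their destination are all constructed for this example; a real capture would first be reduced to this shape with a tool such as tshark.

```python
"""
Added example (not from the Cisco bug record): scan constructed packet
summaries for TLS sessions where src.port == dst.port and Server Hello /
Certificate messages are observed heading toward the server.
"""
from collections import defaultdict

# TLS handshake message types (RFC 5246, section 7.4)
CLIENT_HELLO = 1
SERVER_HELLO = 2
CERTIFICATE = 11

# Constructed packet summaries: (src_ip, src_port, dst_ip, dst_port, handshake_type).
SAMPLE_PACKETS = [
    # Healthy session: ephemeral client port, server replies go to the client.
    ("10.0.0.5", 51234, "192.0.2.10", 443, CLIENT_HELLO),
    ("192.0.2.10", 443, "10.0.0.5", 51234, SERVER_HELLO),
    ("192.0.2.10", 443, "10.0.0.5", 51234, CERTIFICATE),
    # Session with src.port == dst.port: the Server Hello and Certificate are
    # observed with the server as destination (assumed wire view of the bug).
    ("10.0.0.7", 443, "192.0.2.10", 443, CLIENT_HELLO),
    ("10.0.0.7", 443, "192.0.2.10", 443, SERVER_HELLO),
    ("10.0.0.7", 443, "192.0.2.10", 443, CERTIFICATE),
]


def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent session key so both halves of a flow map together."""
    return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))


def find_misdirected_server_messages(packets):
    """Return one finding per TLS session in which a Server Hello or Certificate
    is seen with the server (learned from the Client Hello) as its destination.
    Each finding records whether the session uses equal source/destination ports,
    which is the trigger condition named in the bug."""
    servers = {}                 # session key -> (server_ip, server_port)
    findings = defaultdict(list)  # session key -> misdirected handshake types
    for src_ip, sport, dst_ip, dport, htype in packets:
        key = flow_key(src_ip, sport, dst_ip, dport)
        if htype == CLIENT_HELLO:
            # The Client Hello's destination identifies the server side.
            servers[key] = (dst_ip, dport)
            continue
        server = servers.get(key)
        if server is None:
            continue  # no Client Hello seen; direction cannot be judged
        if htype in (SERVER_HELLO, CERTIFICATE) and (dst_ip, dport) == server:
            findings[key].append(htype)
    return [
        {
            "session": key,
            "server": servers[key],
            "misdirected": types,
            "equal_ports": key[0][1] == key[1][1],
        }
        for key, types in findings.items()
    ]


if __name__ == "__main__":
    for finding in find_misdirected_server_messages(SAMPLE_PACKETS):
        print(finding)
```

Sessions flagged with `equal_ports` set to true match the bug's trigger condition; a finding without equal ports would point at some other cause and is worth examining separately.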