Cisco Bug: CSCvv67721 - When using cut-through proxy, ECDHE ciphers do not get selected in SSL handshake
Sep 30, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: The ASA is configured as a cut-through proxy, and during the SSL handshake it does not select ECDHE ciphers even when the client offers them. The following SSL ciphers are configured (output of sh run ssl):

    ssl server-version tlsv1.2
    ssl cipher default custom "ECDHE-ECDSA-AES256-SHA384"
    ssl cipher tlsv1 custom "ECDHE-ECDSA-AES256-SHA384:AES256-SHA"
    ssl cipher tlsv1.1 low
    ssl cipher tlsv1.2 custom "ECDHE-ECDSA-AES256-SHA384"
    ssl cipher dtlsv1 custom "ECDHE-ECDSA-AES256-SHA384:AES256-SHA"
    ssl dh-group group24

Conditions: ASA configured for cut-through proxy.