Cisco Bug: CSCvv80449 - ESA: TLS implementation should remove and from the list of valid SLDs

Last Modified

Sep 24, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases


Description (partial)

With TLS verify enabled, verification errors occur for domains that use a certificate with * or * as a CN/DNS attribute. Logs from tlsverify look similar to the following:
Verifying certificate common name *
Ignored * top-level domain contains wildcard

This is because, by default, we do not verify CN/DNS attributes if they are a wildcard plus a TLD/SLD, for example *.com. However, and are not a TLD/SLD and need to be removed from the appliance list.

Conditions: TLS settings are set to TLS verify, and delivery is attempted to a domain that has a certificate with * as a CN/DNS attribute.
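
An added example (not Cisco's code and not part of the bug record) of the kind of check described above: a wildcard name is ignored when the part after `*.` is in a TLD/SLD list, so an entry in that list that is not really a TLD/SLD makes valid wildcard certificates fail verification. The suffix lists, the `mailhost.example` entry and the function names are constructed for illustration.

```python
# Added illustration; not the appliance's implementation.
# All host names and suffix lists here are constructed sample data.

CORRECT_SUFFIXES = {"com", "co.uk"}
# Hypothetical faulty list: a registrable domain wrongly treated as an SLD.
OVERBROAD_SUFFIXES = CORRECT_SUFFIXES | {"mailhost.example"}


def wildcard_base(pattern):
    """Return the part after '*.' for a left-most wildcard, else None."""
    p = pattern.lower().rstrip(".")
    return p[2:] if p.startswith("*.") else None


def check_name(pattern, hostname, suffixes):
    """Return (matched, reason) for one CN/DNS entry against a hostname."""
    host = hostname.lower().rstrip(".")
    base = wildcard_base(pattern)
    if base is None:
        if "*" in pattern:
            return False, "unsupported wildcard position"
        ok = pattern.lower().rstrip(".") == host
        return ok, "exact match" if ok else "name mismatch"
    if base in suffixes:
        # A wildcard directly under a TLD/SLD would span unrelated owners,
        # so the entry is skipped instead of being matched.
        return False, "ignored: top-level domain contains wildcard"
    # The wildcard stands for exactly one label.
    head, sep, tail = host.partition(".")
    ok = bool(head) and sep == "." and tail == base
    return ok, "wildcard match" if ok else "name mismatch"


def compare_lists(pattern, hostname):
    """Show how the same certificate name fares under each suffix list."""
    return {
        "correct": check_name(pattern, hostname, CORRECT_SUFFIXES),
        "overbroad": check_name(pattern, hostname, OVERBROAD_SUFFIXES),
    }


if __name__ == "__main__":
    for pat, host in [("*.com", "mx.com"),
                      ("*.mailhost.example", "mx1.mailhost.example")]:
        print(pat, host, compare_lists(pat, host))
```

Comparing the two results for the same certificate name separates a wildcard that is correctly ignored (`*.com`) from one that fails only because of a wrong list entry.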