Guest

Preview Tool

Cisco Bug: CSCzv18663 - Treat servers that RST our Client Hello as non-SSL

Last Modified

Jan 02, 2020

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

7.1.4-053 7.5.0-000 7.5.0-MR-838 7.5.1-201 7.5.2-HP2-304 7.7.0-000 7.7.0-761 8.0.0-000 8.0.6-119

Description (partial)

Symptom:
SSL connections fail via the WSA even when set to Pass-through.  The access logs will usually show a 502 error code.

An example is a client doing a Client Hello with 1 cipher suite.  The WSA sends its own Client Hello to the OCS prior to passing the transaction through.  The WSA's Client Hello did not have any ciphers that match the client's.  The OCS rejects this hello packet and sends a RST packet.

Conditions:
AsyncOS for Web.

Related Community Discussions

allowing whatsapp through proxy
Hi, We have Ironport S670 in our network for web filtering. Recently we migrated from forward mode to transparent mode to allow mobile applications to work through proxy. Most of the applications started working such as skype and all. But still "Whatsapp" is not working through proxy. Is there a way to allow or bypass to make this application work thorugh transparent proxy. Please suggest and let me know if any additional information is required. Thanks. Regards, Madhan kumar G
Latest activity: Apr 12, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.