Cisco Bug: CSCzv18663 - Treat servers that RST our Client Hello as non-SSL
Sep 14, 2020
- Cisco Web Security Appliance
Known Affected Releases
7.1.4-053 7.5.0-000 7.5.0-MR-838 7.5.1-201 7.5.2-HP2-304 7.7.0-000 7.7.0-761 8.0.0-000 8.0.6-119
Symptom: SSL connections through the WSA fail even when set to Pass-through. The access logs usually show a 502 error code. For example, a client sends a Client Hello offering 1 cipher suite. Before passing the transaction through, the WSA sends its own Client Hello to the OCS. The WSA's Client Hello does not include any ciphers that match the client's. The OCS rejects this Client Hello and sends a RST packet.

Conditions: AsyncOS for Web.