topic Re: FMC SSL Policy Block EC Curve in Network Security

FMC SSL Policy Block EC Curve

orkhan.rustamli.96 — Fri, 21 Feb 2020 17:21:33 GMT

Hi All,

I have SSL Policy enabled on some ACs. Everything was working fine for a while until today I upgraded FMC and Firepower to 6.2.3.13 from 6.2.3.7. Our workers started complaining about not being able to connect to webmail. I checked connection events and saw that connections are block because SSL Policy with reason EC Curve not supported. I tried couple workarounds from BUGs and forums but with no result.

First of all I wonder why it started not to work after upgrading the patch. Moreover, I want to know why connection contains EC curves. My certificate is RSA based.

Re: FMC SSL Policy Block EC Curve

Marvin Rhoads — Wed, 31 Jul 2019 14:18:51 GMT

Go straight to TAC with this issue.

You may be hitting this behavior:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_8.html#wp1497969539

The fix is easy but should only be done after TAC confirms and recommends it.

Re: FMC SSL Policy Block EC Curve

orkhan.rustamli.96 — Thu, 01 Aug 2019 04:57:56 GMT

Hi Marvin,

I have already tried to tweak clien_hello.cnf from firepower by following related bugs but with no result.