07-05-2016 04:14 PM
Since moving from x1060 running 7.6.1 to C680 with 9.7.1, we are getting this error for one specific destination. We have TLS required with this domain,
TLS failed: (336142563, 'error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext')
Solved! Go to Solution.
07-06-2016 07:05 AM
Known issue: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva00454?emailclick=CNSemail
Alert Type: |
New |
Bug Id: |
|
Title: |
Elliptic curves extension in server hello is not tolerated by CiscoSSL |
Status: |
Open |
Severity: |
3 Moderate |
Description: |
Symptom: |
Last Modified: |
09-JUN-2016 |
Known Affected Releases: |
10.0.0-082, 9.7.1-066 |
Known Fixed Releases: |
07-06-2016 12:10 AM
Tony, I can't help as we're only at the stage of considering implementing TLS ourselves, but it begs the interesting question of how one independently tests a recipient domain to see what level of encryption it actually supports.
Question for the forum: those of us managing WSAs and their ilk are familiar with throwing domains at Qualys SSL Labs to see what's wrong with them, but what's the equivalent for an ESA?
07-07-2016 12:10 PM
www.checktls.com provides a good deal of information you may bee looking for, We use it when considering domains to set up required TLS with.
07-06-2016 07:05 AM
Known issue: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva00454?emailclick=CNSemail
Alert Type: |
New |
Bug Id: |
|
Title: |
Elliptic curves extension in server hello is not tolerated by CiscoSSL |
Status: |
Open |
Severity: |
3 Moderate |
Description: |
Symptom: |
Last Modified: |
09-JUN-2016 |
Known Affected Releases: |
10.0.0-082, 9.7.1-066 |
Known Fixed Releases: |
07-07-2016 12:08 PM
Thank you sir. Hopefully a future release will allow the ESA to handle the extension gracefully in a future release so we don't need to restrict from using these cipher's.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide