
FMC SSL Policy Block EC Curve

Hi All,

I have SSL Policy enabled on some ACs. Everything was working fine for a while until today, when I upgraded FMC and Firepower to 6.2.3.13 from 6.2.3.7. Our workers started complaining about not being able to connect to webmail. I checked connection events and saw that connections are blocked because of the SSL Policy with reason EC Curve not supported. I tried a couple of workarounds from bugs and forums but with no result.

First of all, I wonder why it stopped working after upgrading the patch. Moreover, I want to know why the connection contains EC curves. My certificate is RSA based.

2 Replies

Marvin Rhoads
Hall of Fame

Go straight to TAC with this issue.

You may be hitting this behavior:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_8.html#wp1497969539

The fix is easy but should only be done after TAC confirms and recommends it.

Hi Marvin,

I have already tried to tweak clien_hello.cnf from firepower by following related bugs but with no result. 
