FMC SSL Policy Block EC Curve

Hi All,

I have SSL Policy enabled on some ACs. Everything was working fine for a while until today, when I upgraded FMC and Firepower to 6.2.3.13 from 6.2.3.7. Our workers started complaining about not being able to connect to webmail. I checked connection events and saw that connections are blocked because of the SSL Policy with reason EC Curve not supported. I tried a couple of workarounds from bugs and forums but with no result.

First of all, I wonder why it stopped working after upgrading the patch. Moreover, I want to know why the connection contains EC curves. My certificate is RSA based.

2 Replies

Marvin Rhoads
Hall of Fame

Go straight to TAC with this issue.

You may be hitting this behavior:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_8.html#wp1497969539

The fix is easy but should only be done after TAC confirms and recommends it.

Hi Marvin,

I have already tried to tweak clien_hello.cnf from Firepower by following related bugs, but with no result.
