04-24-2024 06:27 AM
Hello
We have a lot of clients getting the following error when contacting different sites: ERR_SSL_PROTOCOL_ERROR, we have read that SonicWall and Palo Alto also have these problems. Solution is to turn off "TLS 1.3 Hybridized Kyber Support" in Chromium web browser, and/or I have tried to disable all SSL and "Early application detection and URL categorization" for 1.3 in FirePower.
We are using fw: 7.2.5, have created a TAC case and are waiting for an answer.
Anybody else getting this?
Regards
J.
04-24-2024 06:42 AM
Do you use any ssl encrypt policy?
MHM
04-24-2024 06:51 AM
04-24-2024 07:00 AM
In FMC
Policies > access control - access control
There is
SSL policy
Can you confirm whether it lists any policy or not?
MHM
04-24-2024 07:26 AM
04-24-2024 07:25 AM
Hello,
I have the same issue and I don't have an SSL policy (FMC and FTD HA 7.2.5-208)
thanks
FF
04-24-2024 07:43 AM
04-24-2024 08:20 AM
04-24-2024 09:30 AM
04-24-2024 09:51 AM - edited 04-24-2024 09:52 AM
The traffic is HTTPS and hence FTD cannot inspect inside the packet (without an SSL policy).
I share with you the bug, and one workaround is to use prefilter, or you can use an ACP rule matching application HTTPS with action Trust.
MHM
04-24-2024 11:01 PM
We are seeing the same thing on 7.2.5.1
Prefilter rules do fix it, but since it is a lot of websites not working it is really not a way to go. We have also created a TAC case on the issue. Looking around different forums many are seeing this issue, not just on firepower.
Hope to get an update soon as this is a major issue for customers.
04-24-2024 11:48 PM
Same problem seems to happen if a WSA (Secure Web Appliance) is in the path. No workaround there yet, besides disabling Kyber Support in the client browsers.
04-25-2024 01:10 AM
After going through different blogs and sites of other vendors, I see this has been a discussion going on for months. Seeing discussions on the Fortinet site in Nov last year. Chromium developers are blaming firewall/security vendors for the problem. I guess we are stuck in the middle. Problems started with versions Chrome 124.0.6367.61 and Edge Version 124.0.2478.51.
04-25-2024 01:11 AM
I don't have time these days; if you can wait for me until next weekend, I will check again.
Thanks for waiting
MHM
04-25-2024 12:53 PM
Same issue on FMC and FTD HA 7.2.6. What a fun time figuring that one out.