Not able to connect to HTTPS web sites that use ECDHE cipher suites after upgrading to R77.30.
Traffic capture on Security Gateway shows that SSL handshake fails.
Debug of WSTLSD daemon (per sk105559) shows that SSL handshake fails because ECDHE cipher was not found:
cptls_hs_event_handler: event CPTLS_HS_ALERT, buf_len = 2
cptls_hs_message_handler: called
CLN_handle_alert: called.
cptls_hs_record_alert: called. alert level: CPTLS_fatal description: CPTLS_handshake_failure
cptls_hs_record_alert: SNI_name: www.MyCompany.Example
cptls_Alert_Cache::add_hostname: host_name: www.MyCompany.Example
...
...
...
cptls_sni_in_alert_cache: SNI_name: www.MyCompany.Example
cptls_Alert_Cache::find_hostname: found host_name www.MyCompany.Example in cache.
cptls_sni_in_alert_cache: is_exist for sni www.MyCompany.Example: 1
cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 2, sni_in_cache: 1
cptls_params_imp::CipherSuites_without_ECDHE: start
cptls_ecdhe_cipher_exists: ecdhe cipher not found.
Security Gateway does not propose the ECDHE cipher suites.
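
Added example (not part of the original article and not Check Point code): a small Python triage script that reads saved WSTLSD debug output and lists the SNI host names for which the gateway logged "ecdhe cipher not found" after an alert-cache hit. The message formats are copied from the excerpt above; what each message means is inferred from its wording, and the function name, the sample text and the host intranet.example are constructed for illustration.

```python
import re
from collections import defaultdict

# Message formats are copied from the debug excerpt on this page; what each
# one means is inferred from its wording (an assumption, not vendor docs).
EVENT = re.compile(
    r"cptls_hs_record_alert: SNI_name: (?P<alert>\S+)"
    r"|cptls_Alert_Cache::add_hostname: host_name: (?P<cached>\S+)"
    r"|is_exist for sni (?P<lookup>\S+): (?P<hit>\d+)"
    r"|(?P<noecdhe>cptls_ecdhe_cipher_exists: ecdhe cipher not found)"
)

def ecdhe_suppressed_hosts(debug_text):
    """Return {sni: counters} for hosts whose proposal carried no ECDHE suite."""
    stats = defaultdict(lambda: {"alerts": 0, "cached": 0, "no_ecdhe": 0})
    current = None  # SNI of the most recent alert-cache hit
    # Scan the whole text, so output flattened onto one line parses too.
    for m in EVENT.finditer(debug_text):
        if m["alert"]:
            stats[m["alert"]]["alerts"] += 1
        elif m["cached"]:
            stats[m["cached"]]["cached"] += 1
        elif m["lookup"]:
            # Only a cache hit (non-zero flag) ties the next result to a host.
            current = m["lookup"] if m["hit"] != "0" else None
        elif m["noecdhe"] and current:
            stats[current]["no_ecdhe"] += 1
            current = None
    return {host: s for host, s in stats.items() if s["no_ecdhe"]}

# Constructed sample: the page's sequence plus one constructed cache miss.
SAMPLE = """\
cptls_hs_record_alert: called. alert level: CPTLS_fatal description: CPTLS_handshake_failure
cptls_hs_record_alert: SNI_name: www.MyCompany.Example
cptls_Alert_Cache::add_hostname: host_name: www.MyCompany.Example
cptls_sni_in_alert_cache: is_exist for sni www.MyCompany.Example: 1
cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 2, sni_in_cache: 1
cptls_ecdhe_cipher_exists: ecdhe cipher not found.
cptls_sni_in_alert_cache: is_exist for sni intranet.example: 0
"""

if __name__ == "__main__":
    for host, s in ecdhe_suppressed_hosts(SAMPLE).items():
        print(host, s)
```

A host that appears in the result with a non-zero "alerts" or "cached" count matches the sequence shown in the excerpt: a fatal handshake_failure alert, the host name added to the alert cache, then a proposal without ECDHE.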