Not able to connect to HTTPS web sites that use ECDHE cipher suites after upgrading to R77.30
Symptoms
  • Not able to connect to HTTPS web sites that use ECDHE cipher suites after upgrading to R77.30.

  • Traffic capture on Security Gateway shows that SSL handshake fails.

  • Debug of WSTLSD daemon (per sk105559) shows that SSL handshake fails because ECDHE cipher was not found:

    cptls_hs_event_handler: event CPTLS_HS_ALERT, buf_len = 2
    cptls_hs_message_handler: called
    CLN_handle_alert: called.
    cptls_hs_record_alert: called. alert level: CPTLS_fatal description: CPTLS_handshake_failure
    cptls_hs_record_alert: SNI_name: www.MyCompany.Example
    cptls_Alert_Cache::add_hostname: host_name: www.MyCompany.Example 
    ... ... ...
    cptls_sni_in_alert_cache: SNI_name: www.MyCompany.Example
    cptls_Alert_Cache::find_hostname: found host_name www.MyCompany.Example in cache.
    cptls_sni_in_alert_cache: is_exist for sni www.MyCompany.Example: 1
    cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 2, sni_in_cache: 1
    cptls_params_imp::CipherSuites_without_ECDHE: start
    cptls_ecdhe_cipher_exists: ecdhe cipher not found.
    
    cptls_sni_in_alert_cache: SNI_name: www.example.com
    cptls_Alert_Cache::find_hostname: entered
    cptls_Alert_Cache::find_hostname: host_name www.example.com not in cache.
    cptls_sni_in_alert_cache: is_exist for sni www.example.com: 0
    cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 0, sni_in_cache: 0
    cptls_params_imp::CipherSuites_without_ECDHE: start
    cptls_ecdhe_cipher_exists: ecdhe cipher not found.
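
Added example, not part of the original article and not Check Point tooling: a Python triage script that reads WSTLSD debug output like the lines above and summarizes, per SNI host, the fatal alerts recorded, the m_propose_ecdhe / sni_in_cache values logged, and how often "ecdhe cipher not found" followed. It assumes the lines of one handshake appear contiguously in the debug file; the sample input is constructed from the lines quoted above, and the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Patterns use search(), so timestamp or PID prefixes on real debug lines are tolerated.
ALERT = re.compile(r"cptls_hs_record_alert: called\. alert level: (\w+) description: (\w+)")
ALERT_SNI = re.compile(r"cptls_hs_record_alert: SNI_name: (\S+)")
LOOKUP_SNI = re.compile(r"cptls_sni_in_alert_cache: SNI_name: (\S+)")
FILTER = re.compile(r"Get_Filtered_CipherSuites: start\. m_propose_ecdhe: (\d+), sni_in_cache: (\d+)")
NO_ECDHE = "cptls_ecdhe_cipher_exists: ecdhe cipher not found"

# Constructed sample, assembled from the debug lines quoted in the article.
SAMPLE = """\
cptls_hs_record_alert: called. alert level: CPTLS_fatal description: CPTLS_handshake_failure
cptls_hs_record_alert: SNI_name: www.MyCompany.Example
cptls_sni_in_alert_cache: SNI_name: www.MyCompany.Example
cptls_sni_in_alert_cache: is_exist for sni www.MyCompany.Example: 1
cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 2, sni_in_cache: 1
cptls_ecdhe_cipher_exists: ecdhe cipher not found.
cptls_sni_in_alert_cache: SNI_name: www.example.com
cptls_sni_in_alert_cache: is_exist for sni www.example.com: 0
cptls_params_imp::Get_Filtered_CipherSuites: start. m_propose_ecdhe: 0, sni_in_cache: 0
cptls_ecdhe_cipher_exists: ecdhe cipher not found.
"""

def summarize(text):
    """Group alert and cipher-suite filtering events by SNI host name."""
    hosts = defaultdict(lambda: {"fatal_alerts": [], "filters": [], "no_ecdhe": 0})
    pending_alert = None  # (level, description) waiting for its SNI_name line
    current = None        # SNI of the cipher-suite selection being traced
    for line in text.splitlines():
        if m := ALERT.search(line):
            pending_alert = m.groups()
        elif m := ALERT_SNI.search(line):
            if pending_alert and pending_alert[0] == "CPTLS_fatal":
                hosts[m.group(1)]["fatal_alerts"].append(pending_alert[1])
            pending_alert = None
        elif m := LOOKUP_SNI.search(line):
            current = m.group(1)
        elif (m := FILTER.search(line)) and current:
            # Values are reported as logged: (m_propose_ecdhe, sni_in_cache).
            hosts[current]["filters"].append((int(m.group(1)), int(m.group(2))))
        elif NO_ECDHE in line and current:
            hosts[current]["no_ecdhe"] += 1
    return dict(hosts)

if __name__ == "__main__":
    for host, info in summarize(SAMPLE).items():
        print(host, info)
```

Hosts that show a fatal handshake_failure alert together with a non-zero no_ecdhe count match the symptom described in this article.
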
Cause

Security Gateway does not propose the ECDHE cipher suites.

