Support Center > Search Results > SecureKnowledge Details
SSL Handshake fails when HTTPS Inspection Probe Bypass and ECDHE ciphers enabled Technical Level
Symptoms
  • Probe bypass is enabled as per sk104717,
    Output of the following command shows value of 1:
    [Expert@Home]# fw ctl get int enhanced_ssl_inspection
    enhanced_ssl_inspection = 1

  • ECDHE ciphers are allowed as per sk104717,
    Output of the following command shows value of 1:
    [Expert@Home]# cat $CPDIR/registry/HKLM_registry.data | grep -i ecdhe
    :CPTLS_ACCEPT_ECDHE (1)
    :CPTLS_PROPOSE_ECDHE (1)

  • WSTLSD debug as per sk105559 shows the following errors:
    CLN_SKE_verify_signature: failed to verify ECDHE params. rc: -100
    CLN_handle_SKE_ecdhe_v12: CLN_SKE_verify_signature failed. rc_verify: -974
    CLN_handle_ServerKeyExchange: failed to handle ServerKeyExhange. rc: -974


Solution
Note: To view this solution you need to Sign In .