The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
SSL Handshake fails when HTTPS Inspection Probe Bypass and ECDHE ciphers enabled
Technical Level
Solution ID
sk117892
Technical Level
Product
HTTPS Inspection
Version
R77.10, R77.20, R77.30, R80.10, R80.20
Date Created
06-Jun-2017
Last Modified
22-Jul-2019
Symptoms
Probe bypass is enabled as per sk104717,
Output of the following command shows value of 1: [Expert@Home]# fw ctl get int enhanced_ssl_inspection
enhanced_ssl_inspection = 1
ECDHE ciphers are allowed as per sk104717,
Output of the following command shows value of 1: [Expert@Home]# cat $CPDIR/registry/HKLM_registry.data | grep -i ecdhe
:CPTLS_ACCEPT_ECDHE (1)
:CPTLS_PROPOSE_ECDHE (1)
WSTLSD debug as per sk105559 shows the following errors: CLN_SKE_verify_signature: failed to verify ECDHE params. rc: -100
CLN_handle_SKE_ecdhe_v12: CLN_SKE_verify_signature failed. rc_verify: -974
CLN_handle_ServerKeyExchange: failed to handle ServerKeyExhange. rc: -974
