Windows 10 update fails when HTTPS Inspection enabled on Security Gateway

Support Center > Search Results > SecureKnowledge Details

Technical Level

Symptoms

Windows 10 update fails when HTTPS Inspection enabled on Security Gateway, although the option "Bypass HTTPS inspection of traffic to well known software update services" is enabled.

Cause

Microsoft changed its servers to support only ECDSA cipher suites.

Security Gateways running Gaia R80.20 and below, by default, do not propose ECDSA cipher suites.

Consequently, handshake between the Security Gateway and the Microsoft server will fail, usually right after the Client Hello message.

Solution

Note: To view this solution you need to Sign In .