After upgrading R80.20 Security Gateways to Jumbo take 103 or above, Remote Access users can no longer connect with Endpoint Security VPN
Symptoms
  • After upgrading R80.20 Security Gateways to Jumbo take 103 or above, Remote Access users can no longer connect with Endpoint Security VPN.
  • In Trac.log, you find:
    [talkssl] error_handler_for_winssl: SSL negotiation error.-The token supplied to the function is invalid
  • Portals that are on port 443 may display an SSL error.
  • Resetting Security Gateway certificate does not resolve the issue.
  • Following sk126613 and forbidding "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" resolves the issue.
Cause

The client is presenting an ECDSA-based cipher suite in the proposal.

Even though the Security Gateway does not have an ECDSA certificate to present, it tells the client that the non-ECDSA certificate is appropriate for the chosen cipher suite.

When the client receives the non-ECDSA certificate, the client errors out and closes the connection.
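
The mismatch described above, and the effect of forbidding the ECDSA suite as listed under Symptoms, shown as a simplified model of TLS 1.2 suite selection. This is an added example, not Check Point code; the RSA gateway certificate, the client offer list and the client-preference selection order are assumptions.

```python
# Simplified model of TLS 1.2 cipher-suite selection (added illustration).
# Assumptions: the gateway holds an RSA certificate and honours client order.
# TLS 1.3 suite names (no "_WITH_") are out of scope for this model.

ECDSA_SUITE = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"  # suite named on the page
ECDHE_RSA_SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
RSA_SUITE = "TLS_RSA_WITH_AES_128_GCM_SHA256"

# Constructed sample data: what the client proposes and what the gateway enables.
CLIENT_OFFER = [ECDSA_SUITE, ECDHE_RSA_SUITE, RSA_SUITE]
GATEWAY_ENABLED = set(CLIENT_OFFER)

def suite_auth(suite):
    """Return the certificate key type a TLS 1.2 suite name requires."""
    key_exchange = suite[len("TLS_"):].split("_WITH_")[0]  # "ECDHE_ECDSA", "RSA"
    return key_exchange.split("_")[-1]                     # last token = auth

def select_suite(client_offer, server_enabled, cert_types, check_cert=True):
    """Pick the first client-offered suite the server enables.
    check_cert=False models the faulty behaviour described under Cause."""
    for suite in client_offer:
        if suite not in server_enabled:
            continue
        if check_cert and suite_auth(suite) not in cert_types:
            continue  # no certificate of the type this suite needs
        return suite
    return None

def handshake(client_offer, server_enabled, cert_type="RSA", check_cert=True):
    """Return (chosen suite, outcome) for one simulated negotiation."""
    suite = select_suite(client_offer, server_enabled, {cert_type}, check_cert)
    if suite is None:
        return (None, "no common suite")
    if suite_auth(suite) != cert_type:
        # The client receives a certificate that does not fit the chosen suite.
        return (suite, "client aborts: certificate does not match suite")
    return (suite, "connected")

if __name__ == "__main__":
    cases = {
        "faulty selection": (GATEWAY_ENABLED, False),
        "ECDSA suite forbidden": (GATEWAY_ENABLED - {ECDSA_SUITE}, False),
        "certificate-aware selection": (GATEWAY_ENABLED, True),
    }
    for label, (enabled, check) in cases.items():
        print(label, "->", handshake(CLIENT_OFFER, enabled, check_cert=check))
```
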


Solution
Note: To view this solution you need to Sign In.