This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Decryption Issues

Is anyone else noticing issues with SSL inspection recently? we've just had the new core agent 2023.1.0.73 deployed on our estate and seeing a vast amount of websites being blocked 'the encryption used by this server hosting the URL is insecure' downgrading our core agent to the previous version completely removes this problem. 

As you can see from the screenshot this is a Cisco website using TLS 1.3 but is being blocked..... 

2023-06-05T07:15:33.716Z [18416:24736] I [clienthello] connection:0x17c6083ae70 sni:sso.cisco.com ip:72.163.4.70 flowId:98923 decision:decrypt source:snf_cache
2023-06-05T07:15:33.728Z [18416:24736] E SSL_do_handshake returned SSL error= 1 reason=338 error:00000001:lib(0)::reason(1) SSL*=0000017C5F1ACB80
2023-06-05T07:15:33.729Z [18416:24736] E Failed to set up SSL MITM encryption: Unrecoverable SSL error during handshake(): error:00000152:lib(0)::reason(338)
2023-06-05T07:15:33.737Z [18416:24248] E SSL_do_handshake returned SSL error= 5 reason=0 error:00000005:lib(0)::reason(5) SSL*=0000017C5F1ACB80
2023-06-05T07:15:33.737Z [18416:24248] E UnrecoverableError in hasOutput() for flowId=94696 side=Right
2023-06-05T07:15:33.737Z [18416:24248] E SSL_do_handshake returned SSL error= 5 reason=0 error:00000005:lib(0)::reason(5) SSL*=0000017C5F1ACB80
2023-06-05T07:15:33.737Z [18416:24248] E UnrecoverableError in output() for flowId=94696 side=Right
2023-06-05T07:15:33.738Z [18416:24248] E SSL_do_handshake returned SSL error= 5 reason=0 error:00000005:lib(0)::reason(5) SSL*=0000017C5F1ACB80
2023-06-05T07:15:33.738Z [18416:24248] E UnrecoverableError in hasOutput() for flowId=94696 side=Right
2023-06-05T07:15:33.738Z [18416:24248] E SSL_do_handshake returned SSL error= 5 reason=0 error:00000005:lib(0)::reason(5) SSL*=0000017C5F1ACB80
2023-06-05T07:15:33.738Z [18416:24248] E UnrecoverableError in output() for flowId=94696 side=Right



This thread was automatically locked due to age.
Parents Reply Children
No Data