Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Khalid
Explorer

website is not dispalyed

Hi team - for some reason this website is not dispalyed. outside the gateway is working fine.

TLSv1 is disabled, but for some reason the gateway is still using TLSv1 to connect on behalve the user.

We made a https bypass, but no succes  

The exact message displyaed is:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://lft.ema.kpmg.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

 

do you have any suggestion for this? thank you

Khalid

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

What version/JHF level is the gateway?
Is HTTPS Inspection enabled?
What do you see in the gateway logs when you try and access the site?

0 Kudos
Khalid
Explorer

Hi PhoneBoy, Tank you for reply

What version/JHF level is the gateway? >> R80.20SP/T191
Is HTTPS Inspection enabled? >>Yes enabled
What do you see in the gateway logs when you try and access the site?>> the traffic is allowed 

We observed in the TCPDUMP that the gateway is sending TLSv1 but the website is using TLSv1.2. possible the cause of the issue but not sure.

Thank you

0 Kudos
Vincent_Bacher
Advisor
Advisor

You may debug that as per sk105559

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Martin_Raska
Advisor
Advisor

You have a kinda old setup R80.20SP Take 191 (2 Dec 2019, GA from 05 Jan 2020), strongly advice to upgrade it. The website is only allowing TLS 1.2 and only one strong cipher suite

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, old GW TLS engine and old ciphers are your problem.