Re: website is not dispalyed

Khalid · ‎2021-03-11

Hi team - for some reason this website is not dispalyed. outside the gateway is working fine.

TLSv1 is disabled, but for some reason the gateway is still using TLSv1 to connect on behalve the user.

We made a https bypass, but no succes

The exact message displyaed is:

This page canâ€™t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://lft.ema.kpmg.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

do you have any suggestion for this? thank you

Khalid

PhoneBoy · ‎2021-03-11

What version/JHF level is the gateway?
Is HTTPS Inspection enabled?
What do you see in the gateway logs when you try and access the site?

Khalid · ‎2021-03-11

Hi PhoneBoy, Tank you for reply

What version/JHF level is the gateway? >> R80.20SP/T191
Is HTTPS Inspection enabled? >>Yes enabled
What do you see in the gateway logs when you try and access the site?>> the traffic is allowed

We observed in the TCPDUMP that the gateway is sending TLSv1 but the website is using TLSv1.2. possible the cause of the issue but not sure.

Thank you

Vincent_Bacher · ‎2021-03-11

You may debug that as per sk105559

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Martin_Raska · ‎2021-03-12

You have a kinda old setup R80.20SP Take 191 (2 Dec 2019, GA from 05 Jan 2020), strongly advice to upgrade it. The website is only allowing TLS 1.2 and only one strong cipher suite

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, old GW TLS engine and old ciphers are your problem.