SSL Deep Inspection Flow-based mode will not support TLS1.3

f2480126 · ‎01-14-2025

We encountered an issue where we needed to enable SSL protection on our internal web server to provide connections for external visitors. After enabling SSL protection, the browser displayed ERR_CONNECTION_RESET. When checking with openssl s_client -connect, we found that TLS1.3 was not supported, but TLS1.2 was supported. We also confirmed that the backend server originally supported TLS1.3, but when we switched the firewall mode to proxy mode, it could support TLS1.3 and the browser could access the website normally.

AEK · ‎01-14-2025

Which FOS version?

AEK

f2480126 · ‎01-14-2025

7.2.10

srajeswaran · ‎01-14-2025

are you using a self signed certificate for the internal web server?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

f2480126 · ‎01-14-2025

yes,My default web server will use a self-signed certificate, only the domain application uses a CA certificate.

f2480126 · ‎01-14-2025

Hello, even if I change the server certificate to a CA certificate, the situation remains the same.

srajeswaran · ‎01-14-2025

Thanks for testing that. Can you open a ticket with our TAC to investigate further?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

f2480126 · ‎01-14-2025

ok

SSL Deep Inspection Flow-based mode will not support TLS1.3

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website