Forum Discussion

Nimbostratus

Jul 31, 2014

Issues with Proxy SSL

I have an ASM with a VS with client and server ssl profiles configured with proxy ssl so that the clients can do certificate authentication to a MobileIron VSP behind the ASM, so far all of the clien...

Cirrocumulus

Jul 31, 2014

Mike,

What TMOS version are you running? Also have you seen this SOL? sol13385

`Proxy SSL supports only the RSA key exchange. For proper functioning, the client and
server must not negotiate key exchanges or cipher suites that Proxy SSL does not support, such as the Diffie-Hellman (DH) and Ephemeral Diffie-Hellman (DHE) key exchanges, and the Elliptic Curve Cryptography (ECC) cipher suite. To avoid this issue, you can either configure the client so that the ClientHello packet does not include DH, DHE, or ECC; or configure the server to not accept DH, DHE, or ECC. Proxy SSL supports only the NULL compression method.`

Wonder if this is the issue?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)