BugZero found this defect 2623 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
3/14/2017
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
11.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
11.10.7
All
Both Mozilla Firefox 49+ and Google Chrome 56+ allow users to manually enable TLS 1.3 support in their browser configurations. When TLS 1.3 support is manually enabled in the browser, connections through the HTTPS proxy will fail if Content Inspection is disabled and the option Allow Only SSL Compliant Traffic is enabled. Firefox displays the error code: SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATAChrome displays the error code: SSL_VERSION_INTERFERENCEConnections will succeed using TLS 1.3 through the HTTPS proxy if Content Inspection is disabled and the option Allow Only SSL Compliant Traffic is disabled.Connections will also succeed, but are downgraded to use TLS 1.2 through the HTTPS proxy if Content Inspection is enabled.
To avoid this issue, you must either disable TLS 1.3 support in your browser, or use an HTTPS proxy with the Allow Only SSL Compliant Traffic option disabled.