Changes to SSL abbreviate handshake (407544)
The SSL handshake process has changed to make troubleshooting easier.
- To better identify which clients have caused SSL errors, the WAD SSL log will use the original source address rather than the source address of packets.
- The return value of wad_ssl_set_cipher is checked.
- The wad_ssl_session_match has been removed because it would add the connection to the bypass cache and bypass further inspection.
- DSA and ECDSA certificates are filtered for admin-server-cert.
- cert-inspect is reset after a WAD match to a Layer 7 policy.
- An option to disable the use of SSL abbreviate handshake has been added.
CLI addition
config firewall ssl setting
    set abbreviate-handshake [enable|disable]
end