What does unknown extension 23 in a SSL Client Hello indicate.

book

Article ID: 168873

calendar_today

Updated On:

Products

Asset Management Solution SG-300 SG-600 SG-510 SG-810 SG-9000 SG-900 SG-S500 SG-S400

Issue/Introduction

If your ProxySG appliance is configured to intercept SSL traffic, and user access is failing to an HTTPS website that reports the following in a SSL Client Hello:

unknown extension 23

You are seeing the issue covered by the following Technical Alert
https://support.symantec.com/en_US/article.ALERT2311.html

Cause

Microsoft released a patch that changed the SSL protocol and introduced a new extension in the SSL Client Hello.

Resolution

SGOS version 6.5.8.7 introduced a fix that understands this extension and will not reset the ssl connection.