The purpose of this article is to expose an issue that SGOS versions since 6.7.2.X are experiencing when trying to access some specific HTTPS sites.
The error can be found in packet captures as follows:
This error is experienced in the latest Mozilla Firefox and Google Chrome versions, but not with Internet Explorer.
In addition, the same error is also visible from SGOS prior to 6.6.5.14 using TLSv1.2.
The SSL handshake breaks after the proxy receives a Server Hello message from the destination server. This occurs because the server is trying to use an Elliptic Curve that is currently unsupported by the ProxySG.
The Elliptic Curve in question can be found within a packet capture under the segment titled "Extension: elliptic_curves".
Example:
Elliptic curve: ecdh_x25519 (0x001d)
The issue with SGOS prior to 6.6.5.14 is caused due to the signature algorithm not supported for TLSv1.2, which has been patched starting SGOS 6.6.5.14.