HTTPS requests may fail when the following is true:
Some web servers have altered their signature algorithm preferences to include algorithms SGOS does not support. When the client includes an algorithm in its supported list and the server selects one not supported by SGOS the ProxySG or ASG will close the connection in the middle of the SSL handshake with a ‘Decode error’ alert that can be seen in a packet capture (pcap). The result is a connection failed error in the client’s browser.
This has been seen mostly with Akamai’s servers which host various web sites.
The fix for this issue is available in 220.127.116.11 and newer 6.7 releases.
How to work-around this issue until an upgrade to a release with the fix can be done:
Note: The above work around disables SSL interception and decryption. This will impact visibility into HTTPS requests for authentication, ICAP processing, etc.