Thread: HTTPS Inspection - Handshake Failure - Cipher..?

Stephen Henihan

Posted: Apr 12, 2017 7:56 PM

Specific example is SurveyMonkey.com. Connections fail unless we bypass TLS inspection.
Using OpenSSL I can see that connection to some of these sites employs ECDHE-RSA-AES256-SHA. SSL Labs shows many references to secp384r1 and the site prides itself on its new A rating.
When I inspect sites, the MITM TLS connection between the client and the Check Point appliance seems to step back down to AES 128-bit. Some sites accept this (https://www.aib.ie) but it appears that others do not.
I was going to look into how to update or configure Check Point NGX 4400 to step up to AES256 and higher ciphers when I found articles saying that this was supported in the latest Jumbo updates.
However, https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk106162 indicates there is a version 221 out since early March. Using the Gaia web interface, the Updates CPUSE section only offered me Take 216 - no 221.
Is there a reason for this - am I not recommended to update to 221?
I want to ensure that inspection can continue on sites such as these, so where can I find the 221 version to install it and enable support for these bigger ciphers - or even just a simple fix to rectify this one issue?

Currently installed hotfixes:
Check Point CPinfo build 176 for R77, R77.10, R77.20, R77.30
Jumbo Hotfix Accumulator General Availability for R77.30 Take 216

Added current hotfix info.

Message was edited by: Stephen Henihan
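
The comparison the post describes doing by hand with OpenSSL, direct versus through HTTPS Inspection, can be scripted over saved `openssl s_client` output. This is an added example, not part of the original post and not Check Point tooling; the two captures, the issuer names and the function names are constructed for illustration.

```python
import re

# Constructed excerpts of `openssl s_client -connect host:443` output, not real captures.
DIRECT = """\
issuer=/C=US/O=Example Public CA/CN=Example Public CA G2
Server Temp Key: ECDH, P-384, 384 bits
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA
"""
INSPECTED = """\
issuer=/O=Example Corp/CN=Example Gateway Inspection CA
Server Temp Key: ECDH, P-256, 256 bits
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA
"""
FIELDS = {
    "issuer": re.compile(r"^\s*issuer=(.+)$", re.M),
    "temp_key": re.compile(r"^\s*Server Temp Key:\s*(.+)$", re.M),
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "cipher": re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M),
}

def parse_s_client(text):
    """Pull negotiated parameters out of s_client output; missing fields are None."""
    found = {name: rx.search(text) for name, rx in FIELDS.items()}
    return {name: m.group(1).strip() if m else None for name, m in found.items()}

def aes_bits(cipher):
    """Return the AES key size named in an OpenSSL cipher string, or None."""
    m = re.search(r"AES(128|256)", cipher or "")
    return int(m.group(1)) if m else None

def compare(direct_text, inspected_text):
    """List what differs between a direct and an inspected session."""
    d, i = parse_s_client(direct_text), parse_s_client(inspected_text)
    findings = []
    if i["cipher"] in (None, "0000"):  # s_client prints 0000 when nothing was negotiated
        findings.append("inspected session negotiated no cipher (handshake failed)")
    if i["issuer"] and d["issuer"] != i["issuer"]:
        findings.append("issuer differs: inspection is in the path")
    db, ib = aes_bits(d["cipher"]), aes_bits(i["cipher"])
    if db and ib and ib < db:
        findings.append(f"cipher stepped down: {d['cipher']} -> {i['cipher']}")
    if i["temp_key"] and d["temp_key"] != i["temp_key"]:
        findings.append(f"key exchange differs: {d['temp_key']} -> {i['temp_key']}")
    return findings
```

The output captured from a client behind the gateway describes only the client-to-gateway leg; the gateway-to-server leg has to be checked from the gateway side.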
