After applying Microsoft KB980436, Internet Explorer fails to connect to some sites if intercepting SSL on the ProxySG
Affected products and versions
ProxySG 4.2, 4.3, all 5.x versions
This assumes the following is true:
Once the security patch is applied, IE browsers will receive only a partial page, or receive the standard connection error "Page Cannot Be Displayed" depending on the client configuration. This affects any website which uses TLS 1.0 in the SSL negotiation. (Related to TLSv1/SSLv3 renegotiation vulnerability)
This issue has been identified and resolved in some lines of code, and a fix is coming for other lines.
There are four workarounds available for this issue. These are listed by impact to the deployment and do not consider difficulty in applying the workarounds. The least impact to the deployment is listed first.
Secure renegotiation support is provided in the following releases. A CLI option to require secure renegotiation is available and is disabled by default. To enable the option, set the ssl command option force-secure-renegotiation to enable .
ProxySG 6.1 - a fix is available in SGOS 184.108.40.206 or later. The fix is available to customers with a valid BlueTouch Online login from bto.bluecoat.com/download/product/5351.
ProxySG 5.5 - a fix is available in SGOS 220.127.116.11. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/41 .
ProxySG 5.4 - a fix is available in SGOS 18.104.22.168 or later. If you are intercepting SSL, Blue Coat recommends that you upgrade to SGOS 22.214.171.124. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/17.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - a fix is available in SGOS 126.96.36.199. The fix is available to customers with a valid BlueTouch Online login from https://bto.bluecoat.com/download/product/13 .
ProxySG 3.x - No fix is planned for this version. Please upgrade to a later version.
Rate this Page
Please take a moment to complete this form to help us better serve you.