Support for Renegotiation in GlobalProtect Apps
Created On 01/25/23 13:49 PM - Last Modified 06/02/23 23:56 PM
Symptom
- GlobalProtect fails to connect with clients that use renegotiation (secure or insecure) as per RFC 5746.
- You may see a connection failure such as the following:
SSL negotiation with portal.test.com
SSL connection failure
9069B3F2667F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:879:
Failed to open HTTPS connection to portal.test.com
Failed to complete authentication
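OpenSSL 3.x clients raise "unsafe legacy renegotiation disabled" in final_renegotiate when the peer's ServerHello does not carry the RFC 5746 renegotiation_info extension (type 0xFF01). The following is an added example, not part of the original article or any Palo Alto Networks code: it parses a TLS 1.2 ServerHello handshake message and reports whether that extension is present. The helper names and both sample messages are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746


def server_hello_extensions(msg: bytes) -> dict:
    """Return {extension_type: data} from one ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 38:                # version + random + sid_len + suite + compression
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                      # legacy_version + random
    pos += 1 + body[pos]              # session_id length byte + session_id
    pos += 2 + 1                      # cipher_suite + compression_method
    if pos >= len(body):              # the extensions block is optional
        return {}
    end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    exts = {}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        exts[ext_type] = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    return exts


def advertises_rfc5746(msg: bytes) -> bool:
    """True if renegotiation_info is present with an empty renegotiated_connection."""
    return server_hello_extensions(msg).get(RENEGOTIATION_INFO) == b"\x00"


def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, zeroed random, empty session_id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body


# Constructed inputs, not captured traffic.
LEGACY_HELLO = build_server_hello(b"")
SECURE_HELLO = build_server_hello(struct.pack("!HHB", RENEGOTIATION_INFO, 1, 0))

if __name__ == "__main__":
    for name, hello in (("legacy", LEGACY_HELLO), ("secure", SECURE_HELLO)):
        print(name, "renegotiation_info present:", advertises_rfc5746(hello))
```

To check a real peer, pass in the ServerHello handshake message extracted from a packet capture of the failing connection, without the 5-byte TLS record header.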
--------------------------------------------------------------------------------
Environment
Any GlobalProtect setup
Cause
- In the current implementation, renegotiation (secure or insecure) is not supported for GlobalProtect apps.
- This is documented in: TLS Cipher Suites Supported by GlobalProtect Apps
Resolution
- The lack of support for renegotiation (secure or insecure) is currently expected behaviour, as per TLS Cipher Suites Supported by GlobalProtect Apps.