Cisco Firewall and TLS 1.3 Compatibility Issues

2025-05-22

A company ran into a problem with its Cisco firewall: because TLS 1.3 encrypts the server certificate, the firewall could no longer enforce URL or application access rules based on certificate content. To work around this, Cisco introduced TLS Server Identity Discovery, which performs an additional TLS 1.2 handshake with the server to retrieve its certificate in plaintext. However, this clashed with the expected behavior of a Postgres database. The real issue turned out not to be TLS 1.3 incompatibility but the firewall's policy: it was not configured to block unknown applications, so it tried to learn the certificate for 3 seconds before giving up and allowing the connection.
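To make the two halves of this concrete (why the certificate is readable in a TLS 1.2 server flight but not a TLS 1.3 one, and how the "unknown application" policy then decides the outcome), here is an added illustration that is not Cisco's code and not part of the original post. It parses constructed TLS record bytes laid out per RFC 5246 and RFC 8446, the `FAKE_CERT` bytes are a placeholder rather than a real certificate, and `firewall_verdict` is a hypothetical simplification of the policy described above (the 3-second figure comes from the summary).

```python
"""Why a TLS-inspecting firewall sees a TLS 1.2 server certificate in the clear
but not a TLS 1.3 one, plus a toy model of the unknown-application policy.
Added example; byte samples are constructed, policy model is hypothetical."""

import struct

CONTENT_CCS, CONTENT_HANDSHAKE, CONTENT_APPDATA = 20, 22, 23
HS_SERVER_HELLO, HS_CERTIFICATE = 2, 11
EXT_SUPPORTED_VERSIONS = 43


def iter_records(data):
    """Yield (content_type, legacy_version, payload) for each TLS record."""
    off = 0
    while off + 5 <= len(data):
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record")
        yield ctype, ver, body
        off += 5 + length


def iter_handshakes(payload):
    """Yield (handshake_type, body) for each handshake message in a record."""
    off = 0
    while off + 4 <= len(payload):
        htype = payload[off]
        hlen = int.from_bytes(payload[off + 1:off + 4], "big")
        yield htype, payload[off + 4:off + 4 + hlen]
        off += 4 + hlen


def negotiated_version(server_hello):
    """Legacy version field, overridden by supported_versions (TLS 1.3 signals 0x0304 there)."""
    legacy = struct.unpack("!H", server_hello[0:2])[0]
    off = 2 + 32                       # legacy_version + random
    off += 1 + server_hello[off]       # session_id
    off += 2 + 1                       # cipher_suite + compression_method
    if off + 2 > len(server_hello):    # no extensions block (typical for TLS 1.2 here)
        return legacy
    ext_len = struct.unpack("!H", server_hello[off:off + 2])[0]
    off += 2
    end = off + ext_len
    while off + 4 <= end:
        etype, elen = struct.unpack("!HH", server_hello[off:off + 4])
        off += 4
        if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
            return struct.unpack("!H", server_hello[off:off + 2])[0]
        off += elen
    return legacy


def plaintext_certificate(server_flight):
    """Return the first certificate visible in an unencrypted Certificate message, else None."""
    for ctype, _, payload in iter_records(server_flight):
        if ctype != CONTENT_HANDSHAKE:
            continue                   # TLS 1.3 carries Certificate inside ApplicationData (encrypted)
        for htype, body in iter_handshakes(payload):
            if htype == HS_CERTIFICATE:
                first_len = int.from_bytes(body[3:6], "big")   # skip 3-byte list length
                return body[6:6 + first_len]
    return None


def analyze(server_flight):
    version = None
    for ctype, _, payload in iter_records(server_flight):
        if ctype == CONTENT_HANDSHAKE:
            for htype, body in iter_handshakes(payload):
                if htype == HS_SERVER_HELLO:
                    version = negotiated_version(body)
    return {"version": version, "certificate": plaintext_certificate(server_flight)}


def firewall_verdict(server_flight, block_unknown_apps, probe_timeout_s=3.0):
    """Hypothetical policy: inspect if the cert is readable, else block or allow after the probe times out."""
    if analyze(server_flight)["certificate"] is not None:
        return "inspect"               # certificate content available, URL/app rules apply
    if block_unknown_apps:
        return "block"
    return f"allow after {probe_timeout_s:g}s"


# --- constructed sample flights (not captured traffic) ---
RANDOM = bytes(range(32))
FAKE_CERT = b"CONSTRUCTED-DER-CERT"    # placeholder, not a real DER certificate


def record(ctype, payload, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def tls12_server_flight():
    sh = struct.pack("!H", 0x0303) + RANDOM + b"\x00" + struct.pack("!H", 0xC02F) + b"\x00"
    cert = len(FAKE_CERT).to_bytes(3, "big") + FAKE_CERT
    cert_msg = len(cert).to_bytes(3, "big") + cert
    return record(CONTENT_HANDSHAKE, handshake(HS_SERVER_HELLO, sh)) + \
        record(CONTENT_HANDSHAKE, handshake(HS_CERTIFICATE, cert_msg))


def tls13_server_flight():
    ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304)
    sh = (struct.pack("!H", 0x0303) + RANDOM + b"\x00" + struct.pack("!H", 0x1301)
          + b"\x00" + struct.pack("!H", len(ext)) + ext)
    encrypted = bytes(range(16, 64))   # opaque bytes standing in for the encrypted handshake
    return record(CONTENT_HANDSHAKE, handshake(HS_SERVER_HELLO, sh)) + \
        record(CONTENT_CCS, b"\x01") + record(CONTENT_APPDATA, encrypted)


if __name__ == "__main__":
    for name, flight in (("TLS 1.2", tls12_server_flight()), ("TLS 1.3", tls13_server_flight())):
        print(name, analyze(flight), firewall_verdict(flight, block_unknown_apps=False))
```

Running it shows the TLS 1.2 flight yielding the certificate bytes and an `inspect` verdict, while the TLS 1.3 flight negotiates 0x0304 with no readable certificate; whether that connection is then blocked or let through after the probe window depends entirely on the `block_unknown_apps` setting, which is the configuration point the summary identifies.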

Tech