Last Modified: Sep 13, 2023
Opened: Nov 24, 2020
Severity: 3-Major
In SSL forward proxy, the client-side handshake may fail with the message: fwdp lookup error.
SSL forward proxy handshake fails.
The handshake failure occurs when the certificate chain consists of different key types. For example, the following cert chain may fail the handshake:

root CA (rsa) --> intermediate CA1 (rsa) --> intermediate CA2 (ec) --> end-entity cert (ec)

The signing CA, which is intermediate CA2, has a key of EC type, but its cert is signed with an RSA signature. The end-entity cert has a key of EC type, and its cert is signed with ECDSA. In this case, the signer cert has a different signature type from that of the end-entity cert.
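To check whether a forward proxy CA chain matches the condition described above, the following added example (not vendor code) parses per-certificate `openssl x509 -noout -text` output and reports each issuer/subject pair whose certificates carry different signature types. It goes slightly beyond the text by checking every adjacent pair rather than only the signing CA and the end-entity cert; the function names and the sample chain are constructed for illustration, and the input is assumed to be ordered root first.

```python
import re

def _excerpt(sig, cn, key):
    # Constructed, abbreviated stand-in for `openssl x509 -noout -text` output.
    return (f"    Signature Algorithm: {sig}\n        Subject: CN = {cn}\n"
            f"            Public Key Algorithm: {key}\n")

# Constructed sample mirroring the example chain above; names are placeholders.
SAMPLE_CHAIN = [
    _excerpt("sha256WithRSAEncryption", "root CA", "rsaEncryption"),
    _excerpt("sha256WithRSAEncryption", "intermediate CA1", "rsaEncryption"),
    _excerpt("sha256WithRSAEncryption", "intermediate CA2", "id-ecPublicKey"),
    _excerpt("ecdsa-with-SHA256", "end-entity", "id-ecPublicKey"),
]

def family(alg):
    """Map an OpenSSL algorithm name to a coarse family: rsa, ec or other."""
    a = alg.lower()
    if "rsa" in a:
        return "rsa"
    if "ecdsa" in a or "ecpublickey" in a:
        return "ec"
    return "other"

def parse_cert(text):
    """Extract subject, key family and signature family from one text dump."""
    def first(label):
        m = re.search(rf"^\s*{label}:\s*(.+?)\s*$", text, re.M)
        if m is None:
            raise ValueError(f"missing '{label}' field")
        return m.group(1)
    return {"subject": first("Subject"),
            "key": family(first("Public Key Algorithm")),
            "sig": family(first("Signature Algorithm"))}

def find_mismatches(chain_texts):
    """Return (issuer, subject, issuer_sig, subject_sig) for each adjacent
    pair in a root-first chain whose signature families differ."""
    certs = [parse_cert(t) for t in chain_texts]
    return [(i["subject"], s["subject"], i["sig"], s["sig"])
            for i, s in zip(certs, certs[1:]) if i["sig"] != s["sig"]]

if __name__ == "__main__":
    for issuer, subject, isig, ssig in find_mismatches(SAMPLE_CHAIN):
        print(f"{issuer} is {isig}-signed but {subject} is {ssig}-signed")
```

A chain that produces no findings uses one signature type throughout; a finding marks the point where the key type changes partway down the chain.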
Fixed an issue with SSL forward handshakes.