ProxySG & Advanced Secure Gateway

Hi,
One of our customer getting connection reset for the domain "acctcdn.msftauth.net". The domain belongs to office365 services. When the customer bypasses proxy the site is accessible even though it gives an xml error page.
I noticed connection resets in the PCAP that I took from the ASG. The proxy is tying to use TLS1.0 when trying to connect to the domain (outbound connection to server) but the domain supports minimum TLS1.2. I tried the below without any luck

Dear Shabeeb,

Better you open a case with support,. Now a days Suppport is excellent .

Regards,
Rashed


Original Message:
Sent: 6/22/2022 10:19:00 AM
From: shabeeb kunhipocker
Subject: Force ASG to connect to a website using TLS 1.2

Hi,
One of our customer getting connection reset for the domain "acctcdn.msftauth.net". The domain belongs to office365 services. When the customer bypasses proxy the site is accessible even though it gives an xml error page.
I noticed connection resets in the PCAP that I took from the ASG. The proxy is tying to use TLS1.0 when trying to connect to the domain (outbound connection to server) but the domain supports minimum TLS1.2. I tried the below without any luck

1. Disabled protocol detection for the domain.
2. Tried to enforce tlsv1.2 via CPL using client connection negotiate and server connection negotiate parameters.

Pls help as this is a bit urgent

Thanks

Shabeeb