ECDHE decyrption

(Sarra) #1

We have a very serious Issue,

our customer is unable to acces to some https sites and zscaler said the if the site is using ECSDSA algorithm , we must to whitelist it because it’s not supported,

this behaviour occurs last week and it always happening,

could you have information about that,


(Sarra) #2

knowing that sites are using ciphers ECDHE-RSA-AES256-GCM-SHA384 and not Ecdsa


(Ramesh M) #3

ECDHE is now enabled on all zscaler production clouds.

Regards / Ramesh M

(Matthew Clements) #4

Hi there.

I am a server operator and am looking to remove AES256-GCM-SHA384 ciphers. In Feb 2019 I see zscaler IPs connecting to me with roughly a 2:1 mix of AES256-GCM-SHA384 and ECDHE-RSA-AES256-GCM-SHA384 selected.

Is your rollout of ECDHE definitely complete?

There seems to be some dynamic causing some of your nodes to prefer the non-ECDHE cipher still.

If AES256-GCM-SHA384 is no longer available would your nodes definitely use ECDHE-RSA-AES256-GCM-SHA384?