Some https sites PR_CONNECT_RESET_ERROR

Hello,
My users receive a PR_CONNECT_RESET_ERROR when visiting some websites. I can't tell whether these websites have problems with their HTTPS certs or whether there is some misconfiguration in my HTTPS proxy action, and I can't spot where the problem is.
Can somebody help me to fix this?
One such website is https://www.lapostadelsindaco.it

For now I solved it by adding an "Allow Any Policy" towards these websites, but I don't like this solution.

Thanks

Comments

  • I don't get this error for the above web site, running V12.5.1

    What XTM version are you running & what firewall model do you have?
    Verify that you have PFS ciphers Allowed on your TLS Profile on your HTTPS proxy.

  • James_Carson WatchGuard Representative

    Hi @uffced

    The error PR_Connect_Reset_error is usually because the TLS profile is not configured correctly on the HTTPS proxy that hit the traffic.

    Please do the following: Go to WSM - Policy Manager - Edit HTTPS proxy that traffic uses - Edit Proxy Action - TLS Profile - Edit. Make sure that the "Perfect Forward Cipher" is set to Allow.

    If the problem persists, I'd suggest opening a case with support so that they can look into your issue.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Hi, we have an M300 with XTM 12.4. I checked "Perfect Forward Cipher" and it is set to "Allow", with TLS Compliance "Not Enforced" and OCSP to validate certificates.

  • You should open a support incident to get help from a WG rep in resolving this.

  • Although this site gets an "A" rating here https://www.ssllabs.com/ssltest/analyze.html?d=www.lapostadelsindaco.it&hideResults=on, it still shows weak ciphers and other issues. Maybe one of them is related to your problem or it's a problem with older firmware. I have a T35 running 12.5.1 with HTTPS/DPI enabled and I can access the site just fine.

    Gregg Hill

    Firebox T15/T35-W
    Fireware 12.5.1 build 601804
    WSM 12.5.1 build 601717
    ISP = Spectrum Cable 100 x 10 service
    Management computers: Win 8.1 Pro 64-bit, Win 10 Pro 64-bit, Server 2012 R2
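
An added diagnostic example (not part of the thread and not WatchGuard code) for the PFS advice in the comments above: it classifies cipher suites by forward secrecy and attempts one TLS 1.2 handshake per class, so running it behind the HTTPS proxy and on a direct connection shows whether the reset depends on the cipher class offered. The function names and the sample cipher list are constructed for illustration; the host is whatever you pass on the command line.

```python
import socket
import ssl
import sys

# Constructed sample in the shape returned by ssl.SSLContext.get_ciphers().
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384", "kea": "kx-any"},        # TLS 1.3
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "kea": "kx-dhe"},
    {"name": "AES256-GCM-SHA384", "kea": "kx-rsa"},             # static RSA
]

def split_by_forward_secrecy(ciphers):
    """Return (pfs_names, non_pfs_names) keyed on OpenSSL's key-exchange label."""
    pfs, non_pfs = [], []
    for c in ciphers:
        kea = c.get("kea", "")
        # TLS 1.3 suites report "kx-any" and always use ephemeral (EC)DHE.
        forward_secret = kea == "kx-any" or kea.startswith(("kx-ecdhe", "kx-dhe"))
        (pfs if forward_secret else non_pfs).append(c["name"])
    return pfs, non_pfs

def probe(host, port=443, pfs_only=True, timeout=5.0):
    """One TLS 1.2 handshake offering only PFS or only static-RSA suites."""
    ctx = ssl.create_default_context()
    # Pin TLS 1.2: set_ciphers() does not control the TLS 1.3 suites.
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers("ECDHE:DHE:!aNULL" if pfs_only else "kRSA:!aNULL")
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.cipher()[0]
    except ssl.SSLCertVerificationError as e:
        return "cert_verify_failed", e.verify_message
    except ssl.SSLError as e:  # handshake alert, or no usable suite locally
        return "tls_error", e.reason or str(e)
    except ConnectionResetError:  # what Firefox shows as PR_CONNECT_RESET_ERROR
        return "tcp_reset", "connection reset during handshake"
    except OSError as e:
        return "network_error", str(e)

if __name__ == "__main__" and len(sys.argv) > 1:
    for pfs_only in (True, False):
        label = "PFS only" if pfs_only else "non-PFS only"
        print(label, probe(sys.argv[1], pfs_only=pfs_only))
```

Certificate verification stays on, so behind a content-inspecting proxy the result is `cert_verify_failed` unless the proxy's CA is in the trust store Python uses.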
