WatchGuard SSL_ERROR_NO_CYPHER_OVERLAP error when browsing via HTTPS Proxy - Solved
We were experiencing errors on sites like http://www.cyberessentials.org/ where the error message shown in the browser was: SSL_ERROR_NO_CYPHER_OVERLAP (this comes up in Internet Explorer, Firefox and Chrome). A search for the error message does not bring up a lot, so this was one we escalated as a support ticket to WatchGuard, who came back very quickly with a solution that made a lot of sense, and two minutes later the problem was solved.
The solution is to follow the instructions in the WatchGuard documentation online linked here. The fix in essence is to enable support (set to Allow) for the PFS (Perfect Forward Secrecy) feature in the HTTPS Proxy so that the firewall and the target websites can agree on a common cipher suite. So with the relevant tick box selected and the updated policy saved, the problem was solved. You can apply this via the configuration web portal on port 8080 or via the WSM Security Manager Windows software, per your preference.
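To show why allowing PFS restores a common cipher suite, here is an added example (not WatchGuard's code and not part of the original post) that classifies cipher suite names as forward secret or not and models the server's selection. The suite lists are constructed, and the model assumes that a proxy with PFS not allowed offers only non-PFS suites.

```python
import re

# Ephemeral key exchanges give forward secrecy. Static "ECDH-"/"DH-" suites
# reuse a long-term key and do NOT, although the names look similar.
_PFS_KX = re.compile(r"(^|[-_])(ECDHE|DHE|EECDH|EDH)([-_]|$)")
# TLS 1.3 suite names carry no key-exchange token; TLS 1.3 always uses (EC)DHE.
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def is_pfs(suite: str) -> bool:
    """True if an OpenSSL- or IANA-style suite name is forward secret."""
    name = suite.upper()
    return bool(_TLS13.match(name) or _PFS_KX.search(name))


def proxy_offer(suites, pfs_allowed):
    """Assumption: with PFS not allowed, the proxy offers only non-PFS suites."""
    return [s for s in suites if pfs_allowed or not is_pfs(s)]


def negotiate(server_pref, client_offer):
    """Server-preference selection. None models a handshake that fails
    because the two sides have no cipher suite in common."""
    offered = {s.upper() for s in client_offer}
    return next((s for s in server_pref if s.upper() in offered), None)


# Constructed sample data: what the proxy could offer, and a site that
# accepts forward-secret suites only.
PROXY_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
    "ECDH-RSA-AES128-SHA",  # static ECDH: not forward secret
    "AES256-SHA",
    "AES128-SHA",
]
SITE_ACCEPTS = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    for allowed in (False, True):
        chosen = negotiate(SITE_ACCEPTS, proxy_offer(PROXY_SUITES, allowed))
        print(f"PFS allowed={allowed}: {chosen or 'no cipher overlap'}")
```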
Screenshot of the option in the Windows Fireware Policy Manager:
Hopefully this will save others some time if you have the same error. If you'd like to outsource your WatchGuard Support then please do feel free to Get In Touch.