Version 24.06-09-a1 February 14, 2025
This is a hotfix.
Fixes
The following fixes are included in this hotfix:
-
Fixes an occasional datapath instability when processing browser-based client traffic where post-quantum cryptography is enabled. The instability would result in a datapath self-heal. The fix ensures datapath stability, resulting in no need to self heal.
-
Fixes an issue where a forwarding policy could not retrieve the Service Name Indication (SNI) from a TLS Client Hello message causing the gateway to close the connection with a TCP RST. This is caused by a change made in Chrome in April 2024 to shift to Post-Quantum Cryptography. With this change, the Client Hello is larger than 1415 bytes, which can result in an inability to retrieve the SNI, which is used by the policy to match or filter by domain. The fix ensures the forwarding policy can support Client Hello sizes greater than 1415 bytes.