Why does the content filter download or other proxy-initiated HTTPS requests fail?


Article ID: 167546


Updated On:


ProxySG Software - SGOS


In some network environments, where SSLv2 handshakes are not permitted due to a low level of security inherent in such a request, it is prudent to change how the ProxySG appliance initiates these requests. 

To fix this problem, change the SSL protocol version:

  1. In the Management Console, navigate to Configuration > SSL  > Device Profiles.
  2. Select the default device profile and click Edit.
  3. Change the SSL Protocol Version in the drop-down to support only SSLv3TLSv1.
  4. Click OK.
  5. Click Apply.


Additional Information:

Any sessions that were in progress at the time of the change will need time to clear before the change will impact a new session. Rebooting the appliance will ensure that this is done, otherwise wait between 5 and 15 minutes. This will ensure that any proxy-initiated HTTPS session (not user traffic) will use the updated value.

To control user traffic in a similar manner, make a similar change to the SSL client settings (in the Management Console, nagivate to Configuration > SSL > SSL Client).