How the ProxySG handles SSL cipher selection for server and client connections depends on the version of SGOS your appliance is running. As of SGOS 6.5.x, the ProxySG appliance supports DHE ciphers for both server and client connections. Versions earlier than SGOS 6.5.x do not support DHE ciphers for client connections.
For example, when accessing a website that supports a newer set of ciphers (such as ECDHE) with Firefox 33 or later:
- An appliance running SGOS 6.2.16.2 uses DHE ciphers for server connections and RSA for client connections.
Client (UA is Firefox) ---------------------------------------- SG ---------------------------------------- OCS
<---TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)---> <---TLS_DHE_RSA_WITH_AES_128_CBC_SHA--->
- An appliance running SGOS 6.5.5.7 uses DHE ciphers for both connections.
Client (UA is Firefox) ---------------------------------------- SG ---------------------------------------- OCS
<---TLS_DHE_RSA_WITH_AES_128_CBC_SHA---> <---TLS_DHE_RSA_WITH_AES_128_CBC_SHA--->
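The difference between the two legs can be checked mechanically. The following Python sketch is an added example, not ProxySG or vendor code: it parses the suite names shown above and reports when the client leg and server leg differ in forward secrecy. The function names `parse_suite` and `audit_legs` are hypothetical, and the suite names are assumed to have been read from a packet capture taken on each side of the appliance.

```python
import re

# Ephemeral key exchanges: a later compromise of the certificate's private key
# does not expose session keys from recorded traffic.
FORWARD_SECRET_KX = {"DHE", "ECDHE"}

def parse_suite(name):
    """Split a TLS_<kx>[_<auth>]_WITH_<cipher>_<mac> suite name into its parts."""
    m = re.fullmatch(r"TLS_([A-Za-z0-9_]+)_WITH_([A-Za-z0-9_]+)", name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    parts = m.group(1).split("_")
    kx = parts[0]
    # A lone "RSA" means RSA key transport with RSA authentication.
    auth = parts[1] if len(parts) > 1 else parts[0]
    return {"kx": kx, "auth": auth, "bulk": m.group(2),
            "forward_secret": kx in FORWARD_SECRET_KX}

def audit_legs(client_leg, server_leg):
    """Compare the suites negotiated on each side of the intercepting proxy."""
    c, s = parse_suite(client_leg), parse_suite(server_leg)
    findings = []
    if not c["forward_secret"]:
        findings.append(f"client leg uses {c['kx']} key exchange: no forward secrecy")
    if not s["forward_secret"]:
        findings.append(f"server leg uses {s['kx']} key exchange: no forward secrecy")
    if c["forward_secret"] != s["forward_secret"]:
        findings.append("legs differ: the end-to-end path is only as strong as the weaker leg")
    if c["bulk"] != s["bulk"]:
        findings.append(f"bulk cipher differs: {c['bulk']} vs {s['bulk']}")
    return findings

# The two cases from the article: (client leg, server leg).
CASES = {
    "SGOS 6.2.16.2": ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
    "SGOS 6.5.5.7": ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"),
}

if __name__ == "__main__":
    for version, (client_leg, server_leg) in CASES.items():
        findings = audit_legs(client_leg, server_leg)
        print(version, "->", findings or "both legs forward secret")
```
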