Wget not able to connect to ProxySG

book

Article ID: 169292

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Wget is a program which can be used to fetch configuration and other data from the ProxySG via http and https.

Wget version below 1.16.1 is not able to establish a SSL connection to  SGOS 6.6.x.x but it is able to connect to SGOS 6.5.x.x

Cause

Wget 1.16.1 introduces TLSv1.1 and TLSv1.2 when establishing SSL connection to a HTTPS enabled site. Wget version below 1.16.1 has only TLSv1.0.

SGOS 6.6.x.x will disable TLSv1.0 by default as TLSv1.0 is vulnerable to POODLE attack.

SGOS 6.5.x.x has TLSv1.0 enabled by default. When Wget version below 1.16.1 connects to a ProxySG using SGOS 6.5.x.x it will connect via TLSv1.0 but when it tries to connect to SGOS 6.6.x.x, the SSL connection will fail as SGOS 6.6.x.x has disabled TLSx1.0.

Resolution

There are two ways to resolve this
1. Upgrade Wget to any version above 1.16.1. These versions will have TLSv1.1 and TLS1.2 for connectivity.

2. Enable TLSv1.0 from the HTTPS-console. This is not recommended as the ProxySG will be vulnerable to PODDLE attack.