The purpose of this article is to provide information on SSL Visibility support for TLS 1.3
For SSLV 3.x versions:
From version 220.127.116.11 the capability of identifying TLS1.3 was first introduced. This allows the SSLV to perform a separate unsupported action that is defined under the segment options. Prior to release 18.104.22.168 the TLS 1.3 traffic would not be identified, and the policy defined for the “Catch All Action” within the Ruleset Options will come into effect. In order to cut-through TLS 1.3 traffic, this policy would need to be set to allow all undecryptable connections to be cut-through. SSLV 3.x does not officially support TLS1.3 decryption and merely supports identifying this kind of traffic for the purpose of applying the unsupported action.
For SSLV 4.x versions:
SSLV 4.2 and above fully supports TLS 1.3.
TLS 1.3 Native Support for Classic Segments –Decrypt and re-encrypt traffic using TLS 1.3 draft versions 18-21 when feeding most inline active and passive security devices.