SSL Visibility support for TLS 1.3

Article ID: 174108

Products

SSL Visibility Appliance Software

Issue/Introduction

This article provides information on SSL Visibility support for TLS 1.3.

Resolution

For SSLV 3.x versions:

The capability to identify TLS 1.3 traffic was first introduced in version 3.11.2.1. This allows the SSLV to apply a separate unsupported action, which is defined under the segment options. Prior to release 3.11.2.1, TLS 1.3 traffic is not identified, and the policy defined for the “Catch All Action” within the Ruleset Options comes into effect. To cut through TLS 1.3 traffic on those releases, this policy needs to be set to allow all undecryptable connections to be cut through. SSLV 3.x does not officially support TLS 1.3 decryption; it only identifies this kind of traffic so that the unsupported action can be applied.

For SSLV 4.x versions:

SSLV 4.2 and above fully support TLS 1.3.

TLS 1.3 Native Support for Classic Segments – Decrypt and re-encrypt traffic using TLS 1.3 draft versions 18-21 when feeding most inline active and passive security devices.