How to force SSL/TLS version negotiation with a specific website
search cancel

How to force SSL/TLS version negotiation with a specific website

book

Article ID: 184851

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

The client machine is negotiating a version of TLS/SSL that is not acceptable for a specific website. (Security reasons, interoperability with OCS, etc). You can force proxy to use specific TLS version. 

Resolution

The following configuration can be applied from either VPM or CPL.

Web VPM Method

1. Create SSL Access Layer
2. Create a new Rule. Adjust the source and destination objects.
3. In the Action field, select:
    a)SetServerMinMaxSSLVersion1 - adjust to desired settings
4. Save changes

 

CPL Code Method: 

<SSL>
  url.domain="example.com" server.connection.min_ssl_version(tlsv1.2)
 

 

Powered by Wolken Software