How to force SSL/TLS version negotiation with a specific website

book

Article ID: 184851

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

The client machine is negotiating a version of TLS/SSL that is not acceptable for a specific website. (Security reasons, interoperability with OCS, etc)

Resolution

The following configuration is only applicable through CPL. There are no options for this in the VPM.

 

Syntax
client.connection.negotiated_ssl_version=SSLV2|SSLV3|TLSV1|TLSV1.1|TLSV1.2

Acceptable Layer Types
<ssl> and <proxy> layers

Example
<ssl>
url.domain=example.com client.connection.negotiated_ssl_version=TLSV1.2