How to force SSL/TLS version negotiation with a specific website

Article ID: 184851


Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

The client machine is negotiating a version of TLS/SSL that is not acceptable for a specific website (for security reasons, interoperability with the OCS, etc.). You can force the proxy to use a specific TLS version.

Resolution

The following configuration can be applied from the VPM or in CPL.

Web VPM

1. Create an SSL layer.
2. Create a new rule. Adjust the source and destination parameters.
3. In Action, select:
    a) SetServerMinMaxSSLVersion1 - adjust settings
4. Save the changes.

 

CPL Code: 

<SSL>
  url.domain="example.com" server.connection.min_ssl_version(tlsv1.2)
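
To confirm which TLS versions the website accepts before or after forcing a minimum version, the following check (an added example, not part of the original article or of the product) pins a client to one version at a time and reports the handshake result. The function names are hypothetical, `example.com` is the placeholder domain from the CPL above, and it assumes it is run from a host that can reach the server.

```python
import socket
import ssl

# Versions to probe; older ones are often disabled in the local OpenSSL build.
VERSIONS = {
    "tlsv1.2": ssl.TLSVersion.TLSv1_2,
    "tlsv1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {label: negotiated version or failure reason} per pinned version."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                ctx = pinned_context(version)
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.version()
        except ssl.SSLError as exc:
            # Handshake refused, or the certificate failed validation.
            reason = getattr(exc, "reason", None) or "handshake failure"
            results[label] = "rejected: " + reason
        except OSError as exc:
            # Connection refused, timeout, DNS failure and similar.
            results[label] = "unreachable: " + exc.__class__.__name__
    return results


def supports(results, label):
    """True when the handshake pinned to `label` completed."""
    return not results[label].startswith(("rejected", "unreachable"))


if __name__ == "__main__":
    for label, outcome in probe("example.com").items():
        print(label, "->", outcome)
```

If `tlsv1.2` shows as rejected, forcing `min_ssl_version(tlsv1.2)` for that domain will break the connection rather than upgrade it.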