When SSL Interception is enabled in the WSS portal (Policy > TLS/SSL Interception), WSS attempts to preserve the TLS version and cipher suite as negotiated by the client and server.
Does WSS support TLSv1.3?
Note:
If your WSS is deployed in UPE mode (you use Management Center to administer the same policy on the ProxySG appliance and WSS), you can modify policy to allow or block traffic based on negotiated TLS version and cipher suite.
WSS Reference: Supported Cipher Suites