A user may want to disable TLS 1.0/1.1 as a vulnerability mitigation tactic.
Release: Pre WAI 1.15. This issue has been addressed in WAI 1.15.
Component: OpenSSL
Web Isolation versions earlier than WAI 1.15 support TLS 1.0/1.1 and may therefore be flagged during a vulnerability scan.
For the proxy flow, edit records.config:
sudo vi /opt/fireglass/current/ci_infra/ats/config/records.config
Set the TLS 1.1 settings to 0:
CONFIG proxy.config.ssl.TLSv1_1 INT 0
CONFIG proxy.config.ssl.client.TLSv1_1 INT 0
Restart the proxy container:
Run 'sudo docker ps | grep fireproxy'
Run 'sudo docker restart <fireproxy container id>'
For WebSocket / Resources, get the clipr container id:
'sudo docker ps | grep clipr'
Enter the container:
'sudo docker exec -it <clipr container id> bash'
Remove TLSv1.1 from the SSL protocols in the file '/etc/nginx/nginx.conf'
Restart the clipr container:
'sudo docker restart <clipr container id>'
Please note that these changes will not survive an upgrade to another 1.14 version.
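
To confirm the edits above are in place, and still in place after an upgrade, the following added example (not part of the original article or the product) scans a records.config and an nginx.conf for TLS 1.0/1.1 settings that remain enabled. The function names and sample files are constructed for illustration, and the TLSv1 keys are standard Apache Traffic Server settings that the article does not list; run the nginx check inside the clipr container or on a copy of its nginx.conf.

```shell
#!/usr/bin/env bash
# Added example: report TLS 1.0/1.1 settings still enabled in the two files
# this article edits. Function names are hypothetical.

# records.config: list TLSv1 / TLSv1_1 keys (server and client) not set to 0.
# The TLSv1 keys are standard ATS settings; the article names only TLSv1_1.
legacy_in_records() {
  awk '$1 == "CONFIG" &&
       $2 ~ /^proxy\.config\.ssl\.(client\.)?TLSv1(_1)?$/ &&
       $4 != "0" { print FILENAME ": " $2 " = " $4 }' "$1"
}

# nginx.conf: list TLSv1 / TLSv1.1 tokens on any ssl_protocols directive.
legacy_in_nginx() {
  awk '{ sub(/#.*/, "") }                 # ignore comments
       $1 == "ssl_protocols" {
         for (i = 2; i <= NF; i++) {
           p = $i; sub(/;$/, "", p)
           if (p == "TLSv1" || p == "TLSv1.1")
             print FILENAME ":" FNR ": ssl_protocols " p
         }
       }' "$1"
}

# Print findings and return 1 if either file still enables a legacy protocol.
audit_tls() {
  findings=$(legacy_in_records "$1"; legacy_in_nginx "$2")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample files (not taken from a real appliance).
demo=$(mktemp -d)
cat > "$demo/records.config" <<'EOF'
CONFIG proxy.config.ssl.TLSv1_1 INT 0
CONFIG proxy.config.ssl.client.TLSv1_1 INT 1
CONFIG proxy.config.ssl.TLSv1_2 INT 1
EOF
cat > "$demo/nginx.conf" <<'EOF'
http {
    ssl_protocols TLSv1.1 TLSv1.2;  # TLSv1.1 not yet removed
}
EOF
audit_tls "$demo/records.config" "$demo/nginx.conf" || echo "legacy TLS still enabled"
rm -rf "$demo"
```

Keys that are absent from records.config are not reported, so a clean result only means no listed key is explicitly enabled.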