SSL protocol versions that were enabled or disabled for the Management Service are not migrated when the appliance is upgraded from 6.7.4.x to 7.2.x.
After the upgrade, the show management-services command unexpectedly displays all 3 protocol versions.
Blue Coat SG-VA Series#show management-services
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
..
SSL Protocol version: tlsv1.1 tlsv1.2 tlsv1.3
Release : SGOS7.2.x
Component : Management
SGOS 7.2.3.5 and earlier have this issue in migration upgrade scenarios.
If the appliance was never upgraded to 7.2.x or 7.3.x previously, upgrading to this release will preserve the previous cipher selection and enable TLS 1.3 by default.
To apply the fix if the appliance was previously upgraded to 7.2.x or 7.3.x, you must remove the existing SGOS 7.x configuration before upgrading.
Issue the #remove-sgos7-config command, restart the appliance, and then install this release.
SGOS 7.2.3.6 has a fix for the unexpected migration behavior.
Upgrade from SGOS 6.7.4 to SGOS 7.2.3.6.
A sample of the upgrade process follows.
e.g., configure it on 6.7.4.13:
#(config management-services)attribute ssl-versions tlsv1.2
Warning: This operation could result in a change of cipher suite.
ok
#(config management-services)view
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
..
SSL Protocol version: tlsv1.2 << only tls1.2 is enabled.
e.g., upgrade to 7.2.3.1 following the proper procedure:
#remove-sgos7-config
Removing SGOS 7.x configuration will permanently delete existing 7.x.x configuration from disk.
Continue? (y/n)[n]: y
Removing SGOS 7.x configuration ...
restart
Booting Version: SGOS 7.2.3.1, Release id: 254850
Executing image: Version: SGOS 7.2.3.1, Release id: 254850
==== Completed Major version system upgrade (sg6 to sg7).
#show management-services
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
..
SSL Protocol version: tlsv1.1 tlsv1.2 tlsv1.3 << all 3 protocols are enabled.
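To catch this drift after an upgrade, the "SSL Protocol version" lines from show management-services output captured before and after can be compared per service. The script below is an added example, not part of the original article or any vendor tooling; the function names are hypothetical and the sample outputs are constructed from the excerpts above, assuming the CLI output has been saved as text.

```python
import re

# Constructed sample outputs, modelled on the "show management-services"
# excerpts in this article (lines the article elides as ".." are omitted).
BEFORE = """\
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
SSL Protocol version: tlsv1.2
"""
AFTER = """\
Service Name: HTTP-Console
Service: HTTP-Console
Attributes: <None>
SSL Protocol version: tlsv1.1 tlsv1.2 tlsv1.3
"""

VERSION_RE = re.compile(r"^\s*SSL Protocol version:\s*(.*)$", re.I)
TOKEN_RE = re.compile(r"^(sslv\d|tlsv\d(\.\d)?)$", re.I)

def parse_ssl_versions(output):
    """Map each service name to the set of SSL/TLS versions enabled on it."""
    services, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith("service name:"):
            current = line.split(":", 1)[1].strip()
            services.setdefault(current, set())
        elif current and (m := VERSION_RE.match(line)):
            # Keep only protocol tokens; drops trailing notes such as "<< ..."
            services[current].update(
                t.lower() for t in m.group(1).split() if TOKEN_RE.match(t))
    return services

def migration_drift(before, after):
    """Return {service: (added, removed)} for services whose versions changed."""
    old, new = parse_ssl_versions(before), parse_ssl_versions(after)
    drift = {}
    for name in sorted(old.keys() | new.keys()):
        o, n = old.get(name, set()), new.get(name, set())
        if o != n:
            drift[name] = (sorted(n - o), sorted(o - n))
    return drift

if __name__ == "__main__":
    for svc, (added, removed) in migration_drift(BEFORE, AFTER).items():
        print(f"{svc}: newly enabled {added}, no longer enabled {removed}")
```

Any service reported with newly enabled versions needs its ssl-versions attribute set again, as in the 6.7.4.13 configuration step shown earlier.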