Proxy administrators would like to determine how to force the use of TLS 1.3 handshakes via Edge SWG (formerly ProxySG) devices.

Edge SWG (formerly ProxySG)

To force Edge SWG (formerly ProxySG) devices to negotiate certain TLS versions, enforce the following CPL policy:

<SSL>
  client.connection.negotiated_ssl_version=TLS1.3

Note(s): It is also recommended to limit this to specific traffic in the policy. Additionally. TLS1.3 policy is available with 7.3.x code.

The above information is readily available via the public CPL guide located here: client.connection.negotiated_ssl_version=.