WebPulse automatically disables older, insecure versions of the Transport Layer Security (TLS) as of 2023-06-30.
In most cases, no action is required, as support for the latest TLS versions is automatically enabled when upgrading ProxySG.
However, if you are using the legacy Blue Coat Web Filter (BCWF) database or the Internet Watch Foundation (IWF) database, and TLS 1.2 and TLS 1.3 have been disabled on your appliance, you must update the set of TLS versions that the ProxySG allows.
This issue only affects:
This issue does NOT affect:
Use one of the following procedures to allow the latest TLS versions to be used when communicating with WebPulse.
sg# show content-filter bluecoat
Data Source: Intelligent Servicesor
Data Source: WebFilter
sg# show ssl ssl-device-profile default
Protocol: tlsv1.2 tlsv1.3
sg# config terminal
sg# (config) ssl
sg# (config ssl) edit ssl-device-profile default
sg# (config device-profile default) protocol tlsv1.2 tlsv1.3
sg# (config device-profile default) protocol tlsv1.2