Force server side TLS connection to TLS1.2 or TLS1.3 on Cloud SWG

Article ID: 282364

Updated On: 09-25-2024

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Older servers communicate only over TLS 1.1.

You want to upgrade the server-side communication to TLS 1.2 or TLS 1.3.

Environment

Cloud SWG
Edge SWG
UPE/Management Center

Cause

Older servers communicate only over TLS 1.1.

Resolution

This can be done by configuring policy that matches on the domain or SNI (Server Name Indication) in Management Center (UPE). SSL interception is required in this case. The example below is for TLS 1.3.

<SSL>
  client.connection.ssl_server_name=example.com server.connection.min_ssl_version(tlsv1.3) server.connection.max_ssl_version(tlsv1.3)

OR

<SSL>
  url.domain=example.com server.connection.min_ssl_version(tlsv1.3) server.connection.max_ssl_version(tlsv1.3)
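
A pre-change check, added here as an example and not part of the original article or the product's own tooling: the rules above set the minimum and maximum version to the same value, so the server-side handshake can only succeed if the origin server accepts that version. The Python below offers exactly one version per attempt and reports which ones the origin completes a handshake with; the function names are illustrative, and it assumes it is run from a host that reaches the origin server directly rather than through the intercepting proxy.

```python
import socket
import ssl
import sys

# Policy values from the rules above, mapped to the matching Python constants.
CANDIDATES = {
    "tlsv1.2": ssl.TLSVersion.TLSv1_2,
    "tlsv1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version):
    """Client context that offers exactly one TLS version (min == max)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = CANDIDATES[version]
    ctx.maximum_version = CANDIDATES[version]
    return ctx


def probe(host, version, port=443, timeout=5.0):
    """Return the negotiated protocol string, or None if no session is set up.

    None covers every failure: refused or timed-out connection, a version
    the server rejects, and a certificate that does not validate.
    """
    ctx = pinned_context(version)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # server_hostname sends the SNI value that the first rule matches on.
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return None


def supported_versions(host, port=443, timeout=5.0):
    """Policy values the origin server completes a handshake with."""
    return [v for v in CANDIDATES if probe(host, v, port, timeout)]


if __name__ == "__main__":
    # example.com is the placeholder domain used in the policy above.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    found = supported_versions(target)
    print(target, found if found else "no TLS 1.2/1.3 handshake completed")
```

If the value you plan to pin is missing from the result, the pinned rule would leave the server-side connection for that domain unable to complete.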