Before disabling SSLv3, TLSv1.0, and TLS 1.1, verify that all clients and servers with traffic going through the appliance support TLSv1.2 or later.
For SGOS version 7.3.8.1 and later:
Specify the SSL/TLS versions to use for connections instead of denying connections that negotiated less-secure versions. In the web VPM, add the Set Client Min Max SSL Version and Set Server Min Max SSL Version objects to the policy to specify a range of SSL/TLS versions for matching transactions.
Alternatively, use CPL such as the following examples:
; when connecting to example.com
; accept only TLSv1.2 and TLSv1.3 on the server side