search cancel

Which SSL protocols does CA Directory support?

book

Article ID: 53863

calendar_today

Updated On:

Products

CA Directory CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

CA Directory supports SSLv3 and TLSv1 protocols.

Solution:

CA Directory supports SSLv3 and TLSv1 protocols. It does not support SSLv2, however it supports SSLv2 client hello for compatibility but will only negotiate using SSLv3 or TLSv1.

If you run the SSLD component in FIPS mode then only TLSv1 is supported.

Eg.

Scenario A
A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1.
The server will understand the SSLv2 client hello messages but will negotiate in SSlv3 or TLSv1

Scenario B
A client will send out SSLv2 client hello messages and will indicate that it only understands SSLv2
The server will understand the SSLv2 client hello messages but will fail as it will try to negotiate in SSlv3 or TLSv1

Environment

Release: ESPDIR99000-8.1-Extended Support Plus-for CA Directory
Component: