Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

Disable TLS1.0 Chekcpoint R80.40

Hello,

I am looking to block TLS1.0 in my Checkpoint Gateway R80.40.. i followed the following article

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

my query is that under point 6 it says:

6. Disable the use of SSLv3 and TLS1.0 for Gaia Portal. To do this make the changes below in the same file:

from:

SSLProtocol -ALL {ifcmp = $httpd:ssl3_enabled 1}+{else}-{endif}SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

To:

SSLProtocol -ALL {ifcmp = $httpd:ssl3_enabled 1}+{else}-{endif}SSLv3 +TLSv1.1 +TLSv1.2

 

but here SSLv3 is mentioned in the bottom line.. can someone please explain this.. Thanks..

 

Also, if i follow the following KB and make the changes via Smartconsole.. is it one and the same thing or do i need to do the changes in SmartConsole as well as Gateways.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Thanks

0 Kudos
1 Reply
Highlighted
Admin
Admin

You need to do both.
You’ll notice that a plus or minus is basically enclosed in an if statement.
Unless you’ve enabled SSLv3 using ssl3_enabled in the configuration, it will result in a minus which means no SSLv3.