Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ed300zx
Explorer

SSLv2.0 and R80.20

Hello All,

We turned on SSL Inspection on R80.20 and basically everything in our environment crashed. Looking at the logs it showed that majority of the drops were SSLv2.0 is not supported. I saw sk108654, however was notified by Checkpoint support that there is no hotfix for R80.20. There are too many sites that are using SSLv2.0 so a workaround is needed in our environment. Is there anyway to bypass all SSLv2.0 traffic other than based on category?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

You can do bypass by IP address for sites you know use SSLv2.
0 Kudos
ed300zx
Explorer

I did an export of the logs and it showed more than 65k IP's that were SSLv2.  It brought down Skype, Outlook and internal sites.  Can we bypass based on applications such as Skype, Outlook?

0 Kudos
Wolfgang
Authority
Authority

Ed300zx,

I‘m thinking your problem isn‘t related to SSLv2.0 .

None of your mentioned sites is using SSLv2, these is an unsecure protocol and should not used by the website owners. And most of the common owners doesn‘t. 

Are you really sure that outlook and Skype in your connections is using SSLv2 ?

Maybee the logs are showing something wrong...can you please provide one ?

Did you opened a TAC case to check this behaviour ?

Wolfgang

0 Kudos
ed300zx
Explorer

Well correction, Skype and Outlook went down due to expired certs.  SSLv2 has to do with internal sites we have.  Totally agree SSLv2 is insecure and should not be used.  But its a up hill battle with the web app team.  So trying to figure out a work around.  

0 Kudos
ed300zx
Explorer

sk112214 - Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on Security Gateway.  I guess found my answer.  🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events