This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ed300zx
Explorer
‎2019-09-25 08:36 AM

SSLv2.0 and R80.20

Hello All,

We turned on SSL Inspection on R80.20 and basically everything in our environment crashed. Looking at the logs it showed that majority of the drops were SSLv2.0 is not supported. I saw sk108654, however was notified by Checkpoint support that there is no hotfix for R80.20. There are too many sites that are using SSLv2.0 so a workaround is needed in our environment. Is there anyway to bypass all SSLv2.0 traffic other than based on category?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2019-09-25 10:37 AM

You can do bypass by IP address for sites you know use SSLv2.
0 Kudos
ed300zx
Explorer
‎2019-09-25 10:56 AM
In response to PhoneBoy

I did an export of the logs and it showed more than 65k IP's that were SSLv2.  It brought down Skype, Outlook and internal sites.  Can we bypass based on applications such as Skype, Outlook?

0 Kudos
Wolfgang
Authority
Authority
‎2019-09-25 12:41 PM
In response to ed300zx

Ed300zx,

I‘m thinking your problem isn‘t related to SSLv2.0 .

None of your mentioned sites is using SSLv2, these is an unsecure protocol and should not used by the website owners. And most of the common owners doesn‘t. 

Are you really sure that outlook and Skype in your connections is using SSLv2 ?

Maybee the logs are showing something wrong...can you please provide one ?

Did you opened a TAC case to check this behaviour ?

Wolfgang

0 Kudos
ed300zx
Explorer
‎2019-09-25 12:52 PM
In response to Wolfgang

Well correction, Skype and Outlook went down due to expired certs.  SSLv2 has to do with internal sites we have.  Totally agree SSLv2 is insecure and should not be used.  But its a up hill battle with the web app team.  So trying to figure out a work around.  

0 Kudos
ed300zx
Explorer
‎2019-09-25 01:29 PM
In response to ed300zx

sk112214 - Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on Security Gateway.  I guess found my answer.  🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events