cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

SSL 2.0 is not supported

Hello mates,

since few days we are facing https requests rejected by https inspection with description "SSL 2.0 is not supported".

Does anybody know if this is a configurable setting and where to modify it? Or any reason why not?

Did not find anything here or in admin guide, sk or SmartConsole yet.

SC is R80.10 and GW is R77.30.

Cheers

Vincent

and now to something completely different
6 Replies
Admin
Admin

Re: SSL 2.0 is not supported

SSLv2 isn't supported for HTTPS Inspection without a hotfix.

Refer to: How to control support for SSLv2 handshake in HTTPS Inspection 

Highlighted

Re: SSL 2.0 is not supported

Thanks a lot, Dameon!

and now to something completely different
0 Kudos

Re: SSL 2.0 is not supported

Any system still using SSL v2 should be taken out of the back and put out of everyone's misery. 😉

Re: SSL 2.0 is not supported

Check ssl_min_ver value is SSLv3 selected on GuiDBedit.

GuiDBedit, on the Tables tab, select Other > ssl_inspection.

In the Objects column, select general_confs_obj.

In the Fields column, select the minimum and maximum TLS version values in these fields:

ssl_max_ver (default = TLS 1.2)

ssl_min_ver (default = SSLv3)

0 Kudos

Re: SSL 2.0 is not supported

Important Note(sk108654) : The fix is for the scenario the client sends SSLv2 ClientHello, but it also supports a higher SSL version and offers it inside the handshake. The gateway will not allow either the client or web server to use an SSL version lower than the configured ssl_min_ver (which cannot be set to lower than SSLv3). i.e., the fix adds support for handling the SSLv2 ClientHello header format (which is different than the format used in SSLv3 and above), not support SSLv2 as the chosen SSL version.

Re: SSL 2.0 is not supported

do you have a scale to what considered lowest and highest.

is the follow right?

lowest: ssl 2

ssl 3

tls 1.0

tls 1.1

tls 1.2

highest: tls 1.3