Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Adrian-Green
Explorer

Is it possible to bypass the "ssl_min_ver" option

Hi folks,

 

One of our client needs to roll out a new remote support software called "ConnectWise", part of that application needs to pass through the firewalls (Screenconnect). Currently that traffic is getting blocked by the firewall due to the "ssl_min_ver" option.

I have been working with a colleague on this issue and his findings are below:

I have been investigating the issue of the ConnectWise client appearing to be communicating using SSL rather than TLS. After raising this issue with ConnectWise support, I have been informed that the client actually uses a proprietary ‘relay’ protocol, which uses AES-256 encryption (https://control.connectwise.com/support/features/security). Neither SSL or TLS are used by the client, due to the proprietary protocol. In order to confirm this, I have captured the ConnectWise traffic from my device using Wireshark.

This shows the SSL connections, however on further inspection, this is not actually genuine SSL traffic, as it is missing the expected SSL data within the packets.

Wireshark is able to identify the version of SSL being used, and further details can be viewed within the ‘Secure Sockets Layer’ section for the packet. It appears that Wireshark are incorrectly identifying the ConnectWise traffic as being SSLv3, which is due to Wireshark being unaware of the proprietary protocol used by ConnectWise.

Is it possible to bypass the "ssl_min_ver" option or would that option need to be configured to SSLv3?

0 Kudos
0 Replies
This widget could not be displayed.