- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: question about cipher_util
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
question about cipher_util
1. tell me, when you disable weak ciphers, you lose access to some old resources on the Internet or our services stop working from the Internet?
2. after configuring in Global Properties->Advanced->Configure…->Portal Properties, Are there any restrictions on the protocols with which Internet users can connect to our Remote Access Portal?
There is now information that some servers on the Internet are still using TLS 1.0. After completing this step, it will not be possible to connect to these servers through the Security Gateway, but I would like to study these issues in more detail
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First: cipher_util can configure MultiPortal and/or SSL Inspection ciphers.
1. Not that i knew any ! Why should that be ?
2. Mobile Access or IPSec VPN should not be changed.
You can always connect to TLS 1.0 servers if you exclude the traffic from https inspection and use an old browser 😉
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
please specify,
1. By disabling weak ciphers, will we lose access to any old resources on the Internet that use TLS 1.0, but our services from the Internet will continue to work?
And also, can we resume their work by excluding the check in https inspection?
2. What is meant by this? Is it not recommended to disable ciphers when selecting (2) MultiPortal in cipher_util or what? In the portal properties there is no choice to disable for mobile access or ipsec vpn, it is disabled for all services at once
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- if you disable weak ciphers for outbound https inspection, you can only reach TLS 1.0 by excluding the traffic from it
- if you disable weak ciphers for inbound https inspection, internal servers with TLS 1.0 can not be reached anymore
- if you disable weak ciphers for MultiPortal, GAiA, SmartView, SSLVPN a.o. portals can be reached as before
- IPSec has nothing to do with TLS 1.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you’re not using HTTPS Inspection, the configuration you make with cipher_util will have no effect on sites you connect to through the gateway.
If you have proper bypass rules in the HTTPS Inspection policy, those sites should still work.
It will definitely impact all connections to the gateway itself, including the Mobile Access Portal, but excluding IPsec VPN.
