Re: SSL 2.0 is not supported

Vincent_Bacher · ‎2018-03-27

Hello mates,

since few days we are facing https requests rejected by https inspection with description "SSL 2.0 is not supported".

Does anybody know if this is a configurable setting and where to modify it? Or any reason why not?

Did not find anything here or in admin guide, sk or SmartConsole yet.

SC is R80.10 and GW is R77.30.

Cheers

Vincent

and now to something completely different

PhoneBoy · ‎2018-03-27

SSLv2 isn't supported for HTTPS Inspection without a hotfix.

Refer to: How to control support for SSLv2 handshake in HTTPS Inspection

Vincent_Bacher · ‎2018-03-27

Thanks a lot, Dameon!

and now to something completely different

Hugo_vd_Kooij · ‎2018-03-30

Any system still using SSL v2 should be taken out of the back and put out of everyone's misery. 😉

Murat_Oguz · ‎2018-06-18

Check ssl_min_ver value is SSLv3 selected on GuiDBedit.

GuiDBedit, on the Tables tab, select Other > ssl_inspection.

In the Objects column, select general_confs_obj.

In the Fields column, select the minimum and maximum TLS version values in these fields:

ssl_max_ver (default = TLS 1.2)

ssl_min_ver (default = SSLv3)

Huseyin_Rencber · ‎2018-06-18

Important Note(sk108654) : The fix is for the scenario the client sends SSLv2 ClientHello, but it also supports a higher SSL version and offers it inside the handshake. The gateway will not allow either the client or web server to use an SSL version lower than the configured ssl_min_ver (which cannot be set to lower than SSLv3). i.e., the fix adds support for handling the SSLv2 ClientHello header format (which is different than the format used in SSLv3 and above), not support SSLv2 as the chosen SSL version.

Dor_Marcovitch · ‎2018-11-22

do you have a scale to what considered lowest and highest.

is the follow right?

lowest: ssl 2

ssl 3

tls 1.0

tls 1.1

tls 1.2

highest: tls 1.3