Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vincent_Bacher
Advisor
Advisor

SSL 2.0 is not supported

Hello mates,

since few days we are facing https requests rejected by https inspection with description "SSL 2.0 is not supported".

Does anybody know if this is a configurable setting and where to modify it? Or any reason why not?

Did not find anything here or in admin guide, sk or SmartConsole yet.

SC is R80.10 and GW is R77.30.

Cheers

Vincent

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
6 Replies
PhoneBoy
Admin
Admin

SSLv2 isn't supported for HTTPS Inspection without a hotfix.

Refer to: How to control support for SSLv2 handshake in HTTPS Inspection 

Vincent_Bacher
Advisor
Advisor

Thanks a lot, Dameon!

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Hugo_vd_Kooij
Advisor

Any system still using SSL v2 should be taken out of the back and put out of everyone's misery. 😉

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Murat_Oguz
Explorer

Check ssl_min_ver value is SSLv3 selected on GuiDBedit.

GuiDBedit, on the Tables tab, select Other > ssl_inspection.

In the Objects column, select general_confs_obj.

In the Fields column, select the minimum and maximum TLS version values in these fields:

ssl_max_ver (default = TLS 1.2)

ssl_min_ver (default = SSLv3)

0 Kudos
Huseyin_Rencber
Collaborator

Important Note(sk108654) : The fix is for the scenario the client sends SSLv2 ClientHello, but it also supports a higher SSL version and offers it inside the handshake. The gateway will not allow either the client or web server to use an SSL version lower than the configured ssl_min_ver (which cannot be set to lower than SSLv3). i.e., the fix adds support for handling the SSLv2 ClientHello header format (which is different than the format used in SSLv3 and above), not support SSLv2 as the chosen SSL version.

Dor_Marcovitch
Advisor

do you have a scale to what considered lowest and highest.

is the follow right?

lowest: ssl 2

ssl 3

tls 1.0

tls 1.1

tls 1.2

highest: tls 1.3

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events