Is it possible to bypass the "ssl_min_ver" option

Mastering Compliance
Unveiling the power of Compliance Blade

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

Introducing Quantum Force
Accelerated AI-Powered Firewalls

LEARN MORE

Create a Post

Hi folks,

One of our client needs to roll out a new remote support software called "ConnectWise", part of that application needs to pass through the firewalls (Screenconnect). Currently that traffic is getting blocked by the firewall due to the "ssl_min_ver" option.

I have been working with a colleague on this issue and his findings are below:

I have been investigating the issue of the ConnectWise client appearing to be communicating using SSL rather than TLS. After raising this issue with ConnectWise support, I have been informed that the client actually uses a proprietary ‘relay’ protocol, which uses AES-256 encryption (https://control.connectwise.com/support/features/security). Neither SSL or TLS are used by the client, due to the proprietary protocol. In order to confirm this, I have captured the ConnectWise traffic from my device using Wireshark.

This shows the SSL connections, however on further inspection, this is not actually genuine SSL traffic, as it is missing the expected SSL data within the packets.

Wireshark is able to identify the version of SSL being used, and further details can be viewed within the ‘Secure Sockets Layer’ section for the packet. It appears that Wireshark are incorrectly identifying the ConnectWise traffic as being SSLv3, which is due to Wireshark being unaware of the proprietary protocol used by ConnectWise.

Is it possible to bypass the "ssl_min_ver" option or would that option need to be configured to SSLv3?