3 Replies Latest reply on Dec 24, 2014 1:04 AM by M Bagheryan M

    SSL Encryption Settings

    wollerd

      Hello,

       

      I have a customer that is experiencing SSL failures to some Policy and PKI servers.  No network errors were evident; all traffic was successfully connecting through all equipment (MWG and MFE).  I found a possible error during SSL negotiation.  Web Gateways are configured to use TLS 1.2 / 1.1 / 1.0 & SSL 3.0; there is also a configuration for alternate handshake that only had SSL 3.0 selected.  I added TLS 1.0 to this configuration and the user reported that he was now able to connect successfully.  The only other difference I noted was in the main SSL encryption settings.  There is an encryption algorithm missing (!kEDH) that was found in the alternate config.  I think the better fix would be to add that algorithm to the primary SSL config, but I don’t understand why the default was configured this way.  Do you see any problem with adding the EDH to the primary SSL config?

       

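An added example, not part of the original post: how a `!`-prefixed token such as the `!kEDH` quoted above behaves, assuming the gateway's encryption setting follows OpenSSL cipher-list syntax (the post does not state this). The base list `ALL` and the function names are illustrative, and the suites reported depend on the local OpenSSL build that Python is linked against.

```python
import ssl

# Operator prefixes defined by the OpenSSL cipher-list format.
OPERATORS = {
    "!": "exclude permanently",
    "-": "remove (may be re-added by a later token)",
    "+": "move to end of list",
}

def classify(cipher_string):
    """Split a cipher list into (token, action) pairs."""
    result = []
    for tok in cipher_string.replace(",", ":").replace(" ", ":").split(":"):
        if not tok:
            continue
        if tok[0] in OPERATORS:
            result.append((tok[1:], OPERATORS[tok[0]]))
        elif tok.startswith("@"):
            result.append((tok, "directive"))
        else:
            result.append((tok, "add"))
    return result

def expand(cipher_string):
    """Map each suite the local OpenSSL enables for this string to its key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c.get("kea", "") for c in ctx.get_ciphers()}

def dropped_by(base, token):
    """Return (suites removed by appending token to base, suites remaining)."""
    before = expand(base)
    after = expand(base + ":" + token)
    removed = {n: k for n, k in before.items() if n not in after}
    return removed, after

if __name__ == "__main__":
    print(classify("ALL:!kEDH"))
    removed, _ = dropped_by("ALL", "!kEDH")
    print("removed by !kEDH:", sorted(removed))
    # "!" is permanent: naming kEDH again later does not restore the suites,
    # whereas "-" followed by kEDH does.
    print("!kEDH:kEDH ->", "kx-dhe" in expand("ALL:!kEDH:kEDH").values())
    print("-kEDH:kEDH ->", "kx-dhe" in expand("ALL:-kEDH:kEDH").values())
```
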