In some network environments, where SSLv2 handshakes are not permitted due to a low level of security inherent in such a request, it is prudent to change how the ProxySG appliance initiates these requests.
To fix this problem, change the SSL protocol version:
- In the Management Console, navigate to Configuration > SSL > Device Profiles.
- Select the default device profile and click Edit.
- Change the SSL Protocol Version in the drop-down to support only SSLv3TLSv1.
- Click OK.
- Click Apply.
Any sessions that were in progress at the time of the change will need time to clear before the change will impact a new session. Rebooting the appliance will ensure that this is done, otherwise wait between 5 and 15 minutes. This will ensure that any proxy-initiated HTTPS session (not user traffic) will use the updated value.
To control user traffic in a similar manner, make a similar change to the SSL client settings (in the Management Console, nagivate to Configuration > SSL > SSL Client).