Why does the content filter download or other proxy-initiated HTTPS requests fail?

Solution

Overview

In some network environments, where SSLv2 handshakes are not permitted due to a low level of security inherent in such a request, it is prudent to change how the ProxySG appliance initiates these requests. 

To fix this problem, change the SSL protocol version:

  1. In the Management Console, navigate to Configuration > SSL  > Device Profiles.
  2. Select the default device profile and click Edit.
  3. Change the SSL Protocol Version in the drop-down to support only SSLv3TLSv1.
  4. Click OK.
  5. Click Apply.

 

Additional Information:

Any sessions that were in progress at the time of the change will need time to clear before the change will impact a new session. Rebooting the appliance will ensure that this is done, otherwise wait between 5 and 15 minutes. This will ensure that any proxy-initiated HTTPS session (not user traffic) will use the updated value.

To control user traffic in a similar manner, make a similar change to the SSL client settings (in the Management Console, nagivate to Configuration > SSL > SSL Client).

 

 

 

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1565
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat