Why does the content filter download or other proxy-initiated HTTPS requests fail?

<< Back to Knowledge Search



In some network environments, where SSLv2 handshakes are not permitted due to a low level of security inherent in such a request, it is prudent to change how the ProxySG appliance initiates these requests. 

To fix this problem, change the SSL protocol version:

  1. In the Management Console, navigate to Configuration > SSL  > Device Profiles.
  2. Select the default device profile and click Edit.
  3. Change the SSL Protocol Version in the drop-down to support only SSLv3TLSv1.
  4. Click OK.
  5. Click Apply.


Additional Information:

Any sessions that were in progress at the time of the change will need time to clear before the change will impact a new session. Rebooting the appliance will ensure that this is done, otherwise wait between 5 and 15 minutes. This will ensure that any proxy-initiated HTTPS session (not user traffic) will use the updated value.

To control user traffic in a similar manner, make a similar change to the SSL client settings (in the Management Console, nagivate to Configuration > SSL > SSL Client).





Additional Information
Bug Number
InQuira Doc IdFAQ1565

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Article Number      000016299
Was this helpful?
Previous MonthNext Month