Disabling TLS 1.1 and 1.2 in Portals and HTTPS Inspection
Symptoms
  • Starting with R75.40VS, the gateway supports the newer TLS versions: TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246).
Solution

The new versions of TLS improve security by mitigating the BEAST attack ( http://en.wikipedia.org/wiki/BEAST_(computer_security) ) and moving to stronger hash functions.

If you need to disable TLS 1.1 and 1.2, set the environment variable CPTLS_LEGACY_TLS10. To do this on SecurePlatform or GAIA, add the following line to the file $CPDIR/conf/.CPprofile.sh:

CPTLS_LEGACY_TLS10=1 ; export CPTLS_LEGACY_TLS10

You will need to reboot after this.
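
The following sketch is an added example, not Check Point code: it audits a profile file for an active CPTLS_LEGACY_TLS10=1 line (ignoring commented-out copies) and appends the line from this article only if it is missing. The function names and the ".bak" backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and the ".bak" suffix are
# hypothetical. Pass the profile path explicitly, e.g.
#   enable_legacy_tls10 "$CPDIR/conf/.CPprofile.sh"

# Print "set" if an uncommented CPTLS_LEGACY_TLS10=1 assignment exists in the
# given file, otherwise print "unset". Useful for auditing which gateways
# have TLS 1.1 and 1.2 turned off.
legacy_tls10_state() {
    profile=$1
    if [ -f "$profile" ] &&
       grep -Eq '^[[:space:]]*(export[[:space:]]+)?CPTLS_LEGACY_TLS10=1([[:space:];]|$)' "$profile"
    then
        echo set
    else
        echo unset
    fi
}

# Append the line from the article exactly once, keeping a backup of the file.
enable_legacy_tls10() {
    profile=$1
    [ -f "$profile" ] || { echo "no such file: $profile" >&2; return 1; }
    if [ "$(legacy_tls10_state "$profile")" = set ]; then
        return 0                      # already present: do not add a duplicate
    fi
    cp -p "$profile" "$profile.bak" || return 1
    # If the file does not end with a newline, add one before appending.
    [ -z "$(tail -c 1 "$profile")" ] || echo >> "$profile"
    echo 'CPTLS_LEGACY_TLS10=1 ; export CPTLS_LEGACY_TLS10' >> "$profile"
}
```

Running legacy_tls10_state against each gateway's profile file gives a quick inventory of where the legacy switch is active.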

 

NOTE: TLS 1.1 and 1.2 are supported in R75.40VS, R76 and later. They are not supported in R75.45, R75.46 and older versions.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
