This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF - VWS - TLS version setting removed from UTM 9.506

UTM 9.5 introduced the ability to set the TLS version on a per-VWS basis.

This was a much needed feature that allowed us to increase the TLS version setting for Virtual Web Servers that we wanted to run a higher version, whilst allowing us to continue to run some VWS at a lower level, where clients would not work properly work at the highest version.

It appears that this has been removed in 9.506, being replaced by a global setting on the Advanced tab under the WAF area in Webadmin.

I have now had to change the setting for ALL my VWS to TLS 1.0 so that the few systems that require us to use the less secure 1.0 can continue to operate, weakening the security stance of all the VWS I had previously operating at version 1.2.

This is obviously not good.

Have I completely missed something in the release notes explaining this change? Or has Sophos pulled this feature without a mention?

The only thing in the release notes that even seems related is 'NUTM-8806 [WAF] Issue with TLS settings for virtual webserver' 



This thread was automatically locked due to age.