Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 7967 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

https proxy only delivers tls1.1, no tls1.2

AmigoHD
It's me again with still the same problem.
I am using the latest sophos free license version with https filtering enabled with a built https proxy ca cert within the utm.
i can surf all https sites perfectly but something is strange:



the https web proxy does still not offer tls1.2, tls1.1 is maximum.
this is problematic in chrome, as it's telling that old encryption is used.
the ca cert automaticaly built by the utm does use sha1 and only 2048 bit keys.

is there a way:
1. to get a proper 4096 bit web proxy ca cert with at least sha2?
2. to use tls1.2 and more efficient cipher suites instead of tls1.1?


This thread was automatically locked due to age.
Parents
  • 0
    Amigo, if you followed the POODLE vulnerability, you might remember that the TLS exposure was with CBC.  Part of the remediation involved removing that from the UTM. That site just needs to update and eliminate its exposure to POODLE.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Amigo, if you followed the POODLE vulnerability, you might remember that the TLS exposure was with CBC.  Part of the remediation involved removing that from the UTM. That site just needs to update and eliminate its exposure to POODLE.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML