This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

https proxy only delivers tls1.1, no tls1.2

It's me again with still the same problem.
I am using the latest sophos free license version with https filtering enabled with a built https proxy ca cert within the utm.
i can surf all https sites perfectly but something is strange:

the https web proxy does still not offer tls1.2, tls1.1 is maximum.
this is problematic in chrome, as it's telling that old encryption is used.
the ca cert automaticaly built by the utm does use sha1 and only 2048 bit keys.

is there a way:
1. to get a proper 4096 bit web proxy ca cert with at least sha2?
2. to use tls1.2 and more efficient cipher suites instead of tls1.1?

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Rick, a new vulnerability (CVE-2014-8730) that affects TLSv1.2 was discovered December 8, and the UTM has that exposure removed.

I don't know if Microsoft has fixed the vulnerability in some other way or if it's advisable to disable SSLv3.0 and TLSv1.2 in IE.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago

Rick, a new vulnerability (CVE-2014-8730) that affects TLSv1.2 was discovered December 8, and the UTM has that exposure removed.

I don't know if Microsoft has fixed the vulnerability in some other way or if it's advisable to disable SSLv3.0 and TLSv1.2 in IE.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data