This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

https proxy only delivers tls1.1, no tls1.2

It's me again with still the same problem.
I am using the latest sophos free license version with https filtering enabled with a built https proxy ca cert within the utm.
i can surf all https sites perfectly but something is strange:

the https web proxy does still not offer tls1.2, tls1.1 is maximum.
this is problematic in chrome, as it's telling that old encryption is used.
the ca cert automaticaly built by the utm does use sha1 and only 2048 bit keys.

is there a way:
1. to get a proper 4096 bit web proxy ca cert with at least sha2?
2. to use tls1.2 and more efficient cipher suites instead of tls1.1?

This thread was automatically locked due to age.

Parents

0 AmigoHD over 9 years ago

there is nothing wrong with surfing tls1.2 websites.
i am talking about the re-encryption of the utm to the enduser. the proxy ca cert is 2048bit only with sha1 hash instead of modern 4096 bit with sha2.
and the https web proxy re-encryption is done in tls1.1 only, no support for modern ciphers in tls1.2 while the webinterface is secured by tls1.2.
so this has to be a problem in https web proxy. while does the proxy for clients do not offer tls1.2 for re-encryption?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 AmigoHD over 9 years ago

there is nothing wrong with surfing tls1.2 websites.
i am talking about the re-encryption of the utm to the enduser. the proxy ca cert is 2048bit only with sha1 hash instead of modern 4096 bit with sha2.
and the https web proxy re-encryption is done in tls1.1 only, no support for modern ciphers in tls1.2 while the webinterface is secured by tls1.2.
so this has to be a problem in https web proxy. while does the proxy for clients do not offer tls1.2 for re-encryption?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data