Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > Decryption and Encryption > SSL configuration settings for inbound traffic
SSL configuration settings for inbound traffic
Help | Content Gateway | Version 8.0.x
Related topics:
*
SSL configuration settings for outbound traffic
 
Use Configure > SSL > Decryption / Encryption > Inbound to configure SSL and TLS settings and ciphers for inbound traffic.
1.
Under Protocol Settings, indicate which protocols you want Content Gateway to support. Supported protocols are:
*
SSLv2
*
SSLv3 (disabled by default)
*
TLSv1 (enabled by default)
 
* 
Note 
TLSv1.1 and TLSv1.2 are also supported.
Both are enabled by default for inbound connections, but not for outbound (to destination server) connections.
Each is enabled/disabled with records.config variables:
proxy.config.ssl.client.TLSv11 INT 1 --(0 = disabled)
proxy.config.ssl.client.TLSv12 INT 1 --(0 = disabled)
When Content Gateway is on a Websense appliance, use the Appliance manager Toolbox Command Line Utility to set the value.
When Content Gateway is installed as software, use "content_line -s" on the Linux command line to set the value.
Select the protocols that your organization's security policy has adopted and that your browsers support.
You must select at least one protocol.
These settings override the settings for these protocols in the users' browsers.
You can select different protocols for outbound traffic.
2.
The cipher list describes available algorithms and level of encryption between the client and Content Gateway.
The Default setting indicates to use all available ciphers except the eNULL, ADH, and EXP suites.
The strongest cipher (providing the highest level of encryption) is applied first. This can be set to a different level of encryption than for outbound traffic.
Additional cipher settings are:
*
High encryption cipher suites: those with key lengths larger than 128 bits, and some cipher suites with 128-bit keys.
*
Medium encryption cipher suites: those using 128 bit encryption.
*
Low encryption cipher suites: those using 64- or 56-bit encryption algorithms but excluding export cipher suites.
For inbound requests (clients connections to Content Gateway), consider using Low encryption to improve performance.
For more information on ciphers, refer to www.openssl.org/docs.
3.
Click Apply.
4.
Click Restart on Configure > My Proxy > Basic > General.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > Decryption and Encryption > SSL configuration settings for inbound traffic
Copyright 2016 Forcepoint LLC. All rights reserved.