SSL configuration settings for outbound traffic
Help | Content Gateway | v8.5.x
Use Configure > SSL > Decryption / Encryption > Outbound to configure SSL and TLS settings, session cache (removed in v8.5.4), and ciphers for outbound traffic (Content Gateway to the origin server).
1. Under Protocol Settings, indicate which protocols you want Content Gateway to support. Supported protocols are:
*
*
*
*
*
Select the protocols that your organization's security policy has adopted.
*
*
2. Select Use session cache in the Session Cache section (removed in v8.5.4) if you want to cache keys until the time specified in the Session cache timeout field expires. If keys are not cached, each request is negotiated again.
3. Use the Session cache timeout field to specify how long (in seconds) keys should be kept in the cache. The default is 300 seconds (5 minutes).
To disable session caching, set the session cache timeout to 0 (zero).
4. Under Cipher Settings, select the appropriate Cipherlist for your deployment. The cipher list describes available algorithms and level of encryption between the client and Content Gateway.
The Content Gateway DEFAULT cipher list matches the OpenSSL Default list, excluding those that Forcepoint experts believe provide the least security or encryption strength.
The strongest cipher (providing the highest level of encryption) is applied first. This can be set to a different level of encryption than for inbound traffic.
Additional cipher settings are:
* HIGH encryption cipher suites are those with key lengths larger than 128 bits, and some cipher suites with 128-bit keys.
* MEDIUM encryption cipher suites include the high cipher list plus additional cipher suites that use 128-bit encryption algorithms.
For outbound requests, consider using HIGH to improve security.
Note that regardless of the selected setting, specific insecure ciphers are disabled by default. Control this list via the proxy.config.ssl.client.cipherlist_suffix variable in the records.config file. For details, see the SSL Decryption section of Content Gateway Configuration Files.
For more information about ciphers and cipher lists, refer to www.openssl.org/docs.
5. Click Apply.
6. Go to the Configure > My Proxy > Basic > General tab and click Restart.
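
To see what an OpenSSL cipher string such as the ones referenced in step 4 expands to, and what an appended exclusion suffix removes, the following added example (not Forcepoint code) uses the OpenSSL library linked into a local Python. Assumptions: the local OpenSSL build may differ from the one Content Gateway ships, SAMPLE_SUFFIX is a constructed value rather than the product's setting, and the function names are hypothetical.

```python
import ssl

# Constructed exclusion suffix for illustration; not the product's shipped value.
SAMPLE_SUFFIX = "!aNULL:!eNULL"


def expand(cipher_string):
    """Suites the local OpenSSL selects for a cipher string.

    TLS 1.3 suites are configured separately from the cipher string in
    OpenSSL, so they are filtered out. Returns [] if nothing matches.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string, min_bits=128):
    """Count the suites and list those that are weak or unauthenticated."""
    suites = expand(cipher_string)
    return {
        "count": len(suites),
        "min_bits": min((c["strength_bits"] for c in suites), default=None),
        "below_min": sorted(c["name"] for c in suites if c["strength_bits"] < min_bits),
        "anonymous": sorted(c["name"] for c in suites if c.get("auth") == "auth-null"),
    }


def dropped_by(base, suffix):
    """Suite names that appending `suffix` to `base` removes."""
    before = {c["name"] for c in expand(base)}
    after = {c["name"] for c in expand(base + ":" + suffix)}
    return sorted(before - after)


if __name__ == "__main__":
    for s in ("DEFAULT", "HIGH", "HIGH:" + SAMPLE_SUFFIX):
        print(s, audit(s))
    print("removed from HIGH by suffix:", dropped_by("HIGH", SAMPLE_SUFFIX))
```

Any name listed under "anonymous" is a suite that performs no server authentication, which is why an explicit exclusion term matters even when a strength keyword is selected.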

Copyright 2023 Forcepoint. All rights reserved.