Follow

Why are all protocol options not enabled by default in SSL inspector?

It is not recommended to enable all of the selections for SSL inspector unless advised to, or testing is necessary. The first 2 options under both "Client Connection Protocols" and "Server Connection Protocols" are left blank by default, and this is as designed. The older versions of the SSL protocol are inherently insecure. Version 2 and 3 of SSL have many known vulnerabilities and can be easily bypassed with the right tools. 

Here we can see the default settings for SSL Inspector. 

SSLInspectorConfigRecommended.png
Clicking the image above will load it, full-size, in a new window.

The "Enable SMTPS Traffic Processing" option is also disabled by default, as most smaller networks do not have an internal email server. This will only scan that email traffic if an email server is present. This can be enabled as needed, and is recommended when using any internal email resources. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk