Why are some protocol options not enabled by default in SSL Inspector?
It is not recommended to enable all of the selections for SSL inspector unless advised to, or testing is necessary. The first two options under both "Client Connection Protocols" and "Server Connection Protocols" are left blank by default, and this is as designed. The older versions of the SSL protocol are inherently insecure. Version 2 and 3 of SSL have many known vulnerabilities and can be easily bypassed with the right tools.
Here we can see the default settings for SSL Inspector.
The "Enable SMTPS Traffic Processing" option is also disabled by default, as most smaller networks do not have an internal email server. This will only scan that email traffic if an email server is present. This can be enabled as needed, and is recommended when using any internal email resources.Follow
Please sign in to leave a comment.