I have a legacy client on my network that needs to connect to an internet website that is disabling support for TLS 1.0 and 1.1. This client is not capable of making connections higher than TLS 1.0, though. It uses the ProxySG explicitly with a CONNECT, but I can route the traffic to get it there transparently as well if needed. Is there a way in the ProxySG to cause the Proxy -> OCS connection to be TLS 1.2 even though the Client -> Proxy connection is TLS 1.0?
I found one knowledge entry that looks like it’s specific to making the reverse happen, but I think this is more of a source/dst/action rule (https://support.symantec.com/en_US/article.TECH248…). I tried it anyway with the client.negotiated.ssl.version set to TLSV1 and it resulted in a ‘n/a’ in a policy trace.
Anyone know if there’s a way to do this?