How to disable SSLv3 from SWG HTTPS service


This article applies to:

  • SWG 10.x,
  • SWG 11.x

Question:

  • Due to vulnerabilities revealed in SSLv3 how can I disable SSLv3 transactions on the SWG?

Procedure:

To disable SSL v3 on the SWG please use the following procedure:

  1. Access the web interface of the Policy Server
  2. Log in as admin
  3. Navigate to Administration >  System Settings >  SWG/M86 Devices
  4. Expand the device tree to locate the different services for the scanning server(s)
  5. Click on the HTTPS service
  6. In the main window click on the Advanced tab
  7. Uncheck the 'Allow SSLv3' checkbox
  8. Repeat as necessary for all of the active scanning servers
  9. Commit changes

Notes:

The following image shows the advanced tab of the HTTPS service settings with 'Allow SSLv3' disabled.

Last Modified 10/16/2014.
https://support.trustwave.com/kb/KnowledgebaseArticle19999.aspx