This general release includes new features and provides a number of important vulnerability and bug fixes.
New Features & Enhancements in SSL Visibility Appliance 3.8.4 Enable/Disable Rule Setting You can now disable a rule within a ruleset. When creating or editing a rule, the new Enabled option is selected by default; the rule is active (and its location in the ruleset matters as usual). When cleared, the rule is not processed. The setting is also shown per rule in the Rulesets > Rules panel, as True (enabled) or False (disabled) in the new Enabled column.
Feedback Timeout Setting SSLV 3.8.4 supports a new loopback feedback timer. The new Appliance Feedback Options panel replaces the Plaintext Marker panel on the Segments window. Feedback Timeout is a new setting in that panel, which determines how long the SSL Visibility Appliance waits for a response before canceling a request and interrupting the SSL flow. Selecting the Extended timeout allows a more time-consuming request, such as one to the cloud, to complete. The Default is 1 second. The Extended period is 5 seconds.
Resigning CA Certificate Chain SSLV 3.8.4 provides support for including the resigning CA certificate chain in resigned SSL sessions. This allows SSL clients to validate resigned certificates without auto-downloading the resigning CA certificate chain. Here is an overview of the basic procedure:
On the Segment > System Options panel, check the new Append Resigning CA Chains to Resigned Certificates option.
On the PKI > External Certificate Authorities window, add all CAs from the resigning certificate chain to the External Certificate Authorities list.
On the PKI > Resigning Certificate Authorities window, add or edit a resigning certificate, Local or HSM. Select the required Certificate Chain External CAs. Click OK (on an Edit window) or Add (on an Add window), then Apply the changes.
Verify the CA chain. On the PKI > Resigning Certificate Authorities window, highlight the resigning CA, then click the Test Certificate Chain icon (chain link).
Configure a new segment with a ruleset using the appended resigning CA.
When changing a password, the system now prevents a user from reusing previous passwords
Blue Coat recommends upgrading all SSL Visibility Appliance models to software version 3.8.4 build 15.