SSL Visibility 184.108.40.206 is now available on Symantec Product Downloads for Symantec SSL Visibility customers. Once logged in with their MySymantec credentials, entitled SSL Visibility customers can download the corresponding image and Release Notes from the SSL Visibility Downloads page.
This release supports encrypted traffic management for the new TLS 1.3 standard (RFC 8446), adding to the existing support for earlier TLS 1.3 draft versions (draft 18 – draft 28) and for earlier TLS and SSL versions.
New Reports in the WebUI Dashboard – SSLV has greatly enhanced its Reporting dashboard which now provides visibility into certificate status and Inspection Errors to improve encrypted traffic management. Reporting is also now available for Host Categories & Rulesets used by inspection policies.
Enhanced OCSP Stapling Response - Enterprises want SSL inspection appliances to be as transparent as possible. This new feature enhances SSLV’s ability to handle and use OCSP stapling to ensure that client systems that request stapled OCSP response requests will work without problems when SSLV inspects the traffic they generate. The capability to send a stapled OCSP response to the client is in addition to the existing SSLV capability which uses information in stapled responses from servers as part of policy decisions.
Automated External Trust Package Updates – Automated updating of the external trust package used by the SSL Visibility appliance ensures that the list of trusted public Certificate Authorities is always up to date.
X.509 Certificate Fingerprint Lists – An X.509 Fingerprint List contains X.509 certificate SHA-1 fingerprint data extracted from SSL blacklists of fingerprints flagged as being associated with malware or botnet activities. After importing these fingerprints into a list in SSL Visibility, the X.509 Fingerprint list can be referenced in a reject or drop rule. SSL Visibility will then attempt to match the fingerprint of the X.509 certificate from the ServerCertificate TLS handshake message to an entry in the specified list; if the fingerprint matches one on the list, the session will be rejected or dropped.
Improved Method of Packet Capture Port Selection – The Packet Capture feature in the WebUI now offers an appliance diagram to select capture ports.
On-Device Help System – The WebUI now provides a help system that contains a related help topic for each screen in the WebUI. The search feature can be used to locate the relevant topic or navigate the menus in the help system.
Online HTML-Based WebGuide – The SSL Visibility 4.4.x Administration & Deployment WebGuide is a new resource available on the Symantec Product Documentation page. It contains the content of the SSL Visibility Administration and Deployment Guide (PDF) in addition to supplemental material (feature overviews, product information). It has a built-in search facility and all the content is searchable on the web. See SSL Visibility 4.4.x WebGuide
Update to Unsupported Sites Policy – please refer to article INFO5078 for details.
All customers running versions of v4.3.x, v4.2.x, or v4.1.x are advised to upgrade their SSL Visibility systems to v220.127.116.11 at their earliest convenience by applying the sslv_18.104.22.168-224475 bcsi file. Please refer to article INFO5078 and the Release Notes for specific details and the upgrade procedure.