The ProxySG appliance cannot choose the SSL protocol; the client or server accepts or rejects the protocol. For example, in an end-to-end connection:
The ProxySG appliance accepts the hello from the server.
The ProxySG appliance forwards the server's hello to the client.
The client either accepts or rejects the server's hello.
The client accepts the server's hello. The appliance acknowledges both the server and client. The server and client exchange certificates and establish a connection.
The client rejects the server's hello. The server requests a different protocol and the client either rejects or accepts the server. If the client does not agree to any of the protocols the server requests, the ProxySG appliance drops the connection.
The ProxySG appliance has settings that you can configure to support SSL protocol. See the
Editing an SSL Client section of the Administration Guide.
Note: The SSL Client settings are applicable when the ProxySG appliance is acting as an SSL Client by initiating its own SSL connections, for example, when acting as:
A reverse proxy
The Blue Coat Web Filter
A licensing portal
You can also
specify the preferred SSL and TLS protocol versions in CPL. The syntax for this policy for the client is: