Views:

The issue occurs when the web server hosting the website does not support TLS 1.2 and IWSVA is set to connect to the web server with the same SSL method as the client. Chrome and Firefox will always try to connect to a web server with TLS 1.2 first. If the connection from IWSVA to the web server via TLS 1.2 fails, Chrome and Firefox will close the connection rather than try again with a different SSL method.

To resolve the issue, you can customize the settings for the SSL method used by IWSVA so that IWSVA will try to connect to the web server with a different SSL method if it does not support TLS 1.2. This way, browsers such as Chrome and Firefox will not close the connection.

  1. Log on to the IWSVA web UI and go to HTTP > HTTPS Decryption Settings > SSL Method.
  2. Tick the Customize SSL setting radio button then select the following checkboxes:

    • Under Client SSL Method:

      • TLSv1.2
      • TLSv1.1
      • TLSv1.0

    • Under Server SSL Method:

      • TLSv1.2
      • TLSv1.1
      • TLSv1.0

    SSL method

  3. Click Save.
 
Allowing IWSVA to connect to a website using TLS 1.0 and/or TLS 1.1 slightly decreases security. However, this is neccesary if you want to allow users to connect to websites which do not support TLS 1.2.