All, We have implemented SSL decryption for a customer. The certificate used on the PA is the same as on the server. Our systems are scanned weekly by Qualys. One of the vulnerability is the following: 1/ SSL Server has SSLv2 Enabled Vulnerability Solution: Disable SSLv2 2/ SSL Insecure Protocol negotiation weakness Solution: OpenSSL has released new versions to address this issue. After some debugging we have the following result as in attachment. Can we conclude that the PA is using SSLv2? And if so how can we change it (to use SSLv3 or TLS) to get rid of the above vulnerability? rgds Johan
... View more