Which SSL protocols does CA Directory support?

Document ID : KB000053863
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

CA Directory supports SSLv3 and TLSv1 protocols.

Solution:

CA Directory supports SSLv3 and TLSv1 protocols. It does not support SSLv2, however it supports SSLv2 client hello for compatibility but will only negotiate using SSLv3 or TLSv1.

If you run the SSLD component in FIPS mode then only TLSv1 is supported.

Eg.

Scenario A
A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1.
The server will understand the SSLv2 client hello messages but will negotiate in SSlv3 or TLSv1

Scenario B
A client will send out SSLv2 client hello messages and will indicate that it only understands SSLv2
The server will understand the SSLv2 client hello messages but will fail as it will try to negotiate in SSlv3 or TLSv1