
IronPort: different Client Hello TLS version

justinus.budi
Level 1

I did a packet capture on Cisco IronPort to different public IP address destinations.

I have a question: why is Wireshark showing different TLS versions?

TLSversion.jpg

FYI, I have only 1 default destination control.

Thanks

3 Replies

Those are to different servers...
In the 220 TLS go ahead packet, 2 before the TLSv1 packet you point out, it probably says that that server can only support TLS1, so the IronPort downgrades...
I'd have to see the Destination Control config (force encryption/what to do if we can't, etc.) and the System Administration\SSL Configuration page (what TLS and ciphers), but I suspect you're configured to allow outbound TLS1.0.

justinus.budi
Level 1

Here I upload the destination control and the SSL configuration.

Destination Control.jpg

SSLConfiguration.jpg

Hello there, 

As per the configuration, it is likely the connection to the second server is downgraded to TLS 1.1.

To confirm which version is negotiated, we would need to take a look at the TLS negotiation in the packet details. You will find it in the lower frame of Wireshark.

Hope it helps, 

Regards.

José L. Dávila