Symptom:

When trying to surf to a website that requires a higher level of authentication, the following block page is received:

A good example for this would be: https:www.renuar.co.il, which requires TLS 1.1+ to surf it.



Cause:

By default, Websense proxy only supports SSLv1,v2,v3 and TLS1.0 in versions below 8.3. To enable TLS 1.1 and 1.2 additional actions are required.



Solution:

Please note, the TLS 1.1 and 1.2 are not available in the GUI. To enable those, you will need to SSH to the WCG if it is an application or use the Appliance toolbox to set it:

proxy.config.ssl.client.TLSv11 1
proxy.config.ssl.client.TLSv12 1


Restart the WCG to apply the settings