By seeing answers above, I think that I should configure like below, if I want to force
Deployment Server and
Universal Forwarder to use
[sslConfig] sslVersions = tls1.2,-ssl2, -ssl3
[sslConfig] sslVersionsForClient = tls1.2,-ssl2, -ssl3
However, in my environment
Universal Forwarder is ver 6.4.5 and
Deployment Server is ver 6.2.3, and there isn't stanza
sslVersionsForClient in ver 6.2.3.
First of all, is the setting above correct?
Also, even if the ver is different and there is a stanza that does not exist on other side, will it work without problems?
If someone tell me about it, I appreciate.
So, what you should be doing on the client and server, is setting the sslversions in server.conf, if that wasn't clear in my answer
Thank for answer!
So you means that I should set
sslVersions stanza to both, and I should set
sslVersionsForClient to Universal Forwarder, right?
I could force tls1.2 to connection of Universal Forwarder and Deployment Server by setting
server.conf of only Deployment Server.
I would just set sslVersions in the server.conf on both, and not worry about sslVersionsForClient.
By setting it in the server.conf, I believe it becomes the default setting for any SSL services running (management port, HEC, etc..).