Overview
After upgrading to AppGate v6.6, administrators may see the following warning:
Warning
The current TLS version is deprecated in site SITE NAME. Support will be removed in an upcoming release. Please switch to a fully supported version.
.png?sv=2022-11-02&spr=https&st=2026-04-17T02%3A45%3A38Z&se=2026-04-17T02%3A56%3A38Z&sr=c&sp=r&sig=tsrqCxVS4D%2FTlCd91fvtU5Bch6WaoRy2fQahRhZNtVk%3D)
As noted in the v6.6 release notes, TLSv1.2 and TLSv23 are being deprecated for VPN tunnel communication in an upcoming release. AppGate is moving toward stronger, modern cryptographic standards (TLS 1.3).
Why am I seeing this Warning?
The warning appears because one or more Sites are still configured to use a soon to be deprecated tunnel protocol version (TLSv1.2 or TLSv23).
In AppGate v6.6, these versions are deprecated in favor of TLS 1.3 for VPN tunnel communication.
TLS 1.3 provides:
Improved security
Reduced handshake latency
Removal of legacy cryptographic mechanisms
Moving to TLS 1.3 aligns with modern security best practices and future AppGate platform requirements.
No immediate outage occurs simply because of the warning. However, administrators should review their environment before changing the tunnel protocol.
Important considerations before changing TLS settings
Before updating the Tunnel Protocol setting, customers should verify the following:
Firewall and Network Security Devices
Some environments have firewall rules, deep packet inspection, or TLS inspection policies that:
Explicitly reference TLS 1.2
Restrict or inspect TLS versions
Have legacy configurations that do not properly handle TLS 1.3
If these policies are not updated, switching to TLS 1.3 may result in connection failures.
Action: Confirm that perimeter firewalls, IDS/IPS, SSL inspection devices, and proxies support and allow TLS 1.3 for AppGate traffic.
Internal Security or Audit Requirements
Some organizations maintain older internal security standards or compliance documentation that:
Mandate TLS 1.2
Do not yet account for TLS 1.3
In these cases, customers may need to review and update internal security policies before making the change.
Monitoring and Logging Systems
Security monitoring tools that parse or inspect TLS metadata may need validation to ensure they properly handle TLS 1.3 sessions.
How to Remove the Warning
Once the above validations are complete, the warning can be resolved by updating the Site configuration.
Steps:
Log in to the Admin UI
Navigate to Sites
Edit the affected Site
Locate Tunnel Protocol (VPN)
Change the protocol to TLS v1.3
Save and apply the changes
.png?sv=2022-11-02&spr=https&st=2026-04-17T02%3A45%3A38Z&se=2026-04-17T02%3A56%3A38Z&sr=c&sp=r&sig=tsrqCxVS4D%2FTlCd91fvtU5Bch6WaoRy2fQahRhZNtVk%3D)
After updating the configuration, the deprecation warning will no longer appear. Note that making these changes will reset all existing TLS connections. This change should be planned during an appropriate maintenance window to minimize impact on end users.