Always
block sessions with unsupported versions to prevent access to sites
with weak protocols. On the
SSL Protocol Settings
tab,
set the minimum Protocol Version to TLSv1.2 to block sites with
weak protocol versions. If a site you need to access for business
purposes uses a weaker protocol, create a separate Decryption profile
that allows the weaker protocol and specify it in a Decryption policy
rule that applies only to the sites for which you must allow the
weaker protocol.