Hello Thimanjer, Logically thinking, the SSL negogation should take the highest encryption level allowed between the two devices. The easiest way to tell who is the cause would be take a TCPDUMP on the SA or backend to see what encryption availables from each device. From the SA side, I have not heard of any issues about forcing SSLv1. Most likely, this means the backend is only allowing SSLv1 or has a preference to connect SSLv1.
... View more