https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327251#M1122583 <P>There is option to select tls 1.3 in ssl policy and tls 1.3 decryption&nbsp;</P> <P>Before downgrade check these options&nbsp;</P> <P>Also you can capture traffic in ftd interface and check tls ver use&nbsp;</P> <P>MHM</P> Thu, 04 Sep 2025 18:55:58 GMT MHM Cisco World 2025-09-04T18:55:58Z https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327226#M1122579 <P>I'm working on creating an SSL decryption policy, but I'm running into an issue where the "no decryption" rule is failing to prevent decryption.</P><P>Interestingly, if I configure the "no decryption" rule using a subnet address, it works as expected. However, when I use a URL in the rule, it doesn't seem to have any effect.</P><P>Am I missing something here? These same rules used to work fine in version 7.4.2, but they no longer work in 7.6.2.</P><P>Any insights would be appreciated.</P><P>Regards</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rules.jpg" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/251390i021EBB0E1B24D1C1/image-size/large?v=v2&amp;px=999" role="button" title="rules.jpg" alt="rules.jpg" /></span></P><P>&nbsp;</P> Thu, 04 Sep 2025 17:41:35 GMT https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327226#M1122579 Otvforte 2025-09-04T17:41:35Z https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327241#M1122580 <P>The key here I think is tls 1.2 vs tls 1.3&nbsp;</P> <P>MHM</P> Thu, 04 Sep 2025 18:39:34 GMT https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327241#M1122580 MHM Cisco World 2025-09-04T18:39:34Z https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327246#M1122581 <P>I would agree that it could be a problem, firewall not being able to look at the certificate and match URL, but it was working prior to upgrade to 7.6.2, so maybe is anoter sort of problem. I'll reset the firewall and try again with the previous version.</P> Thu, 04 Sep 2025 18:51:27 GMT https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327246#M1122581 Otvforte 2025-09-04T18:51:27Z https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327251#M1122583 <P>There is option to select tls 1.3 in ssl policy and tls 1.3 decryption&nbsp;</P> <P>Before downgrade check these options&nbsp;</P> <P>Also you can capture traffic in ftd interface and check tls ver use&nbsp;</P> <P>MHM</P> Thu, 04 Sep 2025 18:55:58 GMT https://community.cisco.com/t5/network-security/ssl-decryption-exception-fail/m-p/5327251#M1122583 MHM Cisco World 2025-09-04T18:55:58Z