cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1181
Views
0
Helpful
1
Replies

FirePower SSL decryption Known Key

Roy Lee
Beginner
Beginner

Hi All,

I have setup a SSL decryption Known key to protect our web servers.

Seems like it's working as events show most SSL connections are "Decrypt (Known Key)" in SSL Status, and show URL details.

However, there are still some SSL connections are "Do not decrypt" in SSL Status.

Anyway to show or trace the reason for "Do not decrypt" connections?

Thanks,

Roy

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

Are the "Do not decrypt" event to the addresses of the web servers you have in your SSL decrypt policies? If so, it could be the initial communications setup while SSL/TLS is being negotiated (i.e., the TLS handshake).

There are also several "Undecryptable actions" that you can see in the SSL policy page tab of the same name.

I also recommend looking at BRKSEC-3063 from Cisco Live 2020. It has lots of additional information.

View solution in original post

1 Reply 1

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

Are the "Do not decrypt" event to the addresses of the web servers you have in your SSL decrypt policies? If so, it could be the initial communications setup while SSL/TLS is being negotiated (i.e., the TLS handshake).

There are also several "Undecryptable actions" that you can see in the SSL policy page tab of the same name.

I also recommend looking at BRKSEC-3063 from Cisco Live 2020. It has lots of additional information.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers