04-07-2021 10:28 PM
Hi All,
I have set up an SSL decryption Known Key to protect our web servers.
Seems like it's working as events show most SSL connections are "Decrypt (Known Key)" in SSL Status, and show URL details.
However, there are still some SSL connections that are "Do not decrypt" in SSL Status.
Is there any way to show or trace the reason for "Do not decrypt" connections?
Thanks,
Roy
04-09-2021 07:42 AM
Are the "Do not decrypt" events to the addresses of the web servers you have in your SSL decrypt policies? If so, it could be the initial communications setup while SSL/TLS is being negotiated (i.e., the TLS handshake).
There are also several "Undecryptable actions" that you can see in the SSL policy page tab of the same name.
I also recommend looking at BRKSEC-3063 from Cisco Live 2020. It has lots of additional information.