04-07-2021 10:28 PM
Hi All,
I have set up an SSL decryption Known key to protect our web servers.
Seems like it's working as events show most SSL connections are "Decrypt (Known Key)" in SSL Status, and show URL details.
However, there are still some SSL connections that are "Do not decrypt" in SSL Status.
Is there any way to show or trace the reason for "Do not decrypt" connections?
Thanks,
Roy
04-09-2021 07:42 AM
Are the "Do not decrypt" events to the addresses of the web servers you have in your SSL decrypt policies? If so, it could be the initial communications setup while SSL/TLS is being negotiated (i.e., the TLS handshake).
There are also several "Undecryptable actions" that you can see in the SSL policy page tab of the same name.
I also recommend looking at BRKSEC-3063 from Cisco Live 2020. It has lots of additional information.