Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
0
Helpful
3
Replies

"Decryption error"

ashaw216
Level 1
Level 1

‎04-18-2018 05:04 AM - edited ‎02-21-2020 07:38 AM

Running FP 8130 appliances, within FP Management we are seeing "Decryption Error" for port 443 traffic. We have a valid root cert for the MtM decryption process. Where can we find more information about WHY this has a "Decryption Error"?

 

Labels:
0 Helpful
3 Replies 3

yogdhanu
Cisco Employee
Cisco Employee

‎04-18-2018 05:22 AM

Hi

 

What's the version of firmware running and exact error?

Are you using decrypt resign or decrypt with known key?

 

Thanks

Yogesh

0 Helpful

ashaw216
Level 1
Level 1
In response to yogdhanu

‎04-18-2018 06:33 AM

6.1.0, under SSL Status it says "Do Not Decrypt (Decryption Error)"

 

We are using Decrypt - Resign.

 

 

0 Helpful

yogdhanu
Cisco Employee
Cisco Employee
In response to ashaw216

‎04-19-2018 03:29 AM

Hi

 

You can try using this command on the sensor CLI

system support ssl-client-hello-tuning extensions_remove 16,13172

This would make sure some extensions which are not supported on firepower are removed from client hello.

The error details need be found using SSL debugs which would require TAC case.

 

Hope it helps,

yogesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card