Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1855
Views
0
Helpful
0
Replies

SSL Decryption - DN & CN to Bypass - TLS1.3

Sakun Sharma
Level 1
Level 1

‎01-29-2020 02:41 PM - edited ‎02-21-2020 09:52 AM

Hi

 

I want to bypass SSL decryption for few websites like Google, Apple, YouTube using DNs. How can I add that if certificate issued to Organization is Google LLC then do no decrypt? I tried O=Google LLC, didn't worked. I tried CN=*.google.com didn't worked as well.

 

Device - FTD 2130 running version 6.5.0.2 (same for FMC)

 

I do not want to use Application based, as there are lot of bugs around it. I hit UNSUPPORTED_EC_CURVE error, which TAC is trying to resolve, but still not working. Somewhere read, do no use Application based SSL rule.

 

I am having lots of issue with TLS1.3 sites with EC. Decryption FMC cert is SHA2 - RSA SubCA.

 

Thanks

 

1 person had this problem
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card