
SSL Decryption unsupported cipher suite

lupingyao
Level 1

Hi,

We have an FTD and want to use SSL Decryption to protect my Exchange Server from outside, but after I configured SSL Decryption, I got the error message: " not decrypt unsupported cipher suite". How can I find which cipher suite does not work? Is there any command in FTD to find out?

Regards

Robin 

3 Replies

Marvin Rhoads
Hall of Fame

There is a listing in the configuration guide.

Look here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/decryption_tuning_using_ssl_rules.html#ID-2255-000006c2

...and search for "Cipher Suite SSL Rule Conditions"

Hi Marvin,

Thanks for your answer!
I don't need to build the rule condition; I use "any" and still got "unsupported cipher suite", so I would like to find which one from my Exchange Server is the "unsupported cipher suite". How can I find it? Is there any show command in the Lina CLI? Then I can disable it in my Exchange Server...

regards

Robin

You might be able to discern it from one of the more verbose debug commands.

However I'd suggest doing a packet capture instead. Wireshark is pretty good at showing you an SSL/TLS negotiation failure.
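What the packet-capture suggestion above yields, as an added example that is not part of the thread and not Cisco code: a Python parser that reads the plaintext ClientHello, ServerHello or alert records from a capture and reports the suite the server selected when it falls outside a set you supply. The `DECRYPTABLE` set, the function names and the sample bytes are constructed assumptions; fill the set from the cipher-suite list in the configuration guide linked earlier.

```python
import struct

# Placeholder set: fill it from the cipher-suite list in the configuration
# guide for your FTD version. These two values are NOT Cisco's list.
DECRYPTABLE = {0x002F, 0x009C}

def parse_record(rec: bytes) -> dict:
    """Parse one plaintext TLS record: ClientHello, ServerHello or alert."""
    if len(rec) < 5:
        raise ValueError("truncated record header")
    ctype, _version, length = struct.unpack("!BHH", rec[:5])
    body = rec[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if ctype == 21 and length == 2:        # alert: level, description
        return {"type": "alert", "description": body[1]}  # 40 = handshake_failure
    if ctype != 22 or length < 39:
        raise ValueError("not a hello or plaintext alert record")
    # Skip handshake header (4), legacy_version (2), random (32), session id.
    pos = 4 + 2 + 32
    pos += 1 + body[pos]
    if body[0] == 1:                        # ClientHello: every suite offered
        (n,) = struct.unpack_from("!H", body, pos)
        suites = struct.unpack_from(f"!{n // 2}H", body, pos + 2)
        return {"type": "client_hello", "suites": list(suites)}
    if body[0] == 2:                        # ServerHello: the suite selected
        (suite,) = struct.unpack_from("!H", body, pos)
        return {"type": "server_hello", "suite": suite}
    raise ValueError("unexpected handshake type")

def negotiated_suite_problem(records, decryptable=DECRYPTABLE):
    """Return the server-selected suite if it is outside `decryptable`."""
    for rec in records:
        msg = parse_record(rec)
        if msg["type"] == "server_hello" and msg["suite"] not in decryptable:
            return msg["suite"]
    return None

def _hello(hs_type: int, after_session_id: bytes) -> bytes:
    """Build a constructed hello record (zero random, empty session id)."""
    hs = b"\x03\x03" + bytes(32) + b"\x00" + after_session_id
    hs = bytes([hs_type]) + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed sample: the client offers three suites, the server picks 0xC030.
SAMPLE = [_hello(1, b"\x00\x06\x00\x2f\x00\x9c\xc0\x30\x01\x00"),
          _hello(2, b"\xc0\x30\x00")]

if __name__ == "__main__":
    print(parse_record(SAMPLE[0]), hex(negotiated_suite_problem(SAMPLE)))
```

The input is the raw TLS record bytes taken from the capture's TCP payload; the suite code it returns is the one to look up and disable or reorder on the server.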
