Cisco Bug: CSCum63122 - ENH: Improve CX handling of denied TLS/SSL flows without decryption

Last Modified

Aug 19, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases


Description (partial)

Starting in version 9.2, CX can filter TLS/SSL connections without a full decryption policy. However, because the connections are not decrypted, CX cannot inject a deny page into the flow when a site is blocked. The current behavior is that the flow is immediately and silently dropped after the certificate exchange.

This is an enhancement request to improve the behavior seen by end users for these types of connections.