Cisco Bug: CSCum63122 - ENH: Improve CX handling of denied TLS/SSL flows without decryption
Aug 19, 2016
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: Starting in version 9.2, CX has the ability to filter TLS/SSL connections without a full decryption policy. However, since the connections are not being decrypted, CX can't inject a deny page into the flow when a site is blocked. The current behavior is that the flow is immediately and silently dropped after the certificate exchange. Conditions: This is an enhancement request to improve the end user behavior for these types of connections.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases