SSLUndecryptableActions
Description
An object that defines the actions for cases where the SSL decryption policy fails to decrypt the traffic. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)
Model Properties
| Property | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| compressedSession | True | string | An enum value that defines the action to take if data compression was applied to the connection. Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| sslV2Session | True | string | An enum value that defines the action to take if the traffic is encrypted with SSL version 2 (the minimum supported SSL version is SSLv3). Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| unknownCipherSuite | True | string | An enum value that defines the action to take if the system does not recognize the cipher suite for the connection. Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| unsupportedCipherSuite | True | string | An enum value that defines the action to take if the system does not support decryption based on the detected cipher suite. Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| sessionNotCached | True | string | An enum value that defines the action to take if the SSL session has session reuse enabled, the client and server reestablished the session with the session identifier, but the system did not cache that session identifier. Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| handShakeErrors | True | string | An enum value that defines the action to take if an error occurred during the SSL handshake negotiation. Possible values are: INHERIT_DEFAULT_ACTION - The default action set in SSLPolicy will be applied to the traffic. DO_NOT_DECRYPT - Do not decrypt the traffic. Encrypted connections are subsequently evaluated by the access control policy, which determines the ultimate allow or block decision. BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| decryptionErrors | True | string | An enum value that defines the action to take if an error occurred during the decryption operation. Possible values are: BLOCK - Drop the connection immediately. The connection is not passed on to the access control policy. BLOCK_WITH_RESET - Drop and reset the connection. The connection is not passed on to the access control policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||