I tried to set up SSL decryption following the documentation from Cisco.
I was getting an error in the browser: ERR_SSL_VERSION_INTERFERENCE
This is because the FTD tells the web server that it supports HTTP/2, which it actually doesn't, so you have to disable that and use HTTP/1.1.
From Cisco TAC:
Here is the command regarding disabling HTTPv2.0 on firepower:
> system support ssl-client-hello-tuning extensions_remove 16,13172
Then you need to restart snort using the following command in expert mode; this will cause a network outage for a few seconds
> expert
# sudo pmtool restartbytype snort
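To see what removing those two extensions means on the wire, here is an added example (not Cisco's code and not from the original post). In the IANA TLS registry, extension type 16 is ALPN, where a client offers "h2", and 13172 is NPN. The sample extensions block and the host name example.test are constructed for illustration.

```python
import struct

REMOVED = {16, 13172}  # the two extension types named in the command above

def ext(ext_type, data):
    # One TLS extension: 2-byte type, 2-byte length, then the data.
    return struct.pack("!HH", ext_type, len(data)) + data

def block(exts):
    """Wrap encoded extensions in the 2-byte total-length prefix."""
    body = b"".join(exts)
    return struct.pack("!H", len(body)) + body

def parse_extensions(buf):
    """Return [(type, data), ...] from a ClientHello extensions block."""
    (total,) = struct.unpack_from("!H", buf, 0)
    if total != len(buf) - 2:
        raise ValueError("extensions length prefix does not match buffer")
    out, pos = [], 2
    while pos < len(buf):
        ext_type, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("truncated extension data")
        out.append((ext_type, buf[pos:pos + length]))
        pos += length
    return out

def alpn_protocols(data):
    """Decode the ALPN protocol name list (1-byte length before each name)."""
    (list_len,) = struct.unpack_from("!H", data, 0)
    names, pos = [], 2
    while pos < 2 + list_len:
        n = data[pos]
        names.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return names

def remove_extensions(buf, types):
    """Rebuild the block without the given extension types."""
    return block(ext(t, d) for t, d in parse_extensions(buf) if t not in types)

# Constructed sample: SNI for example.test, ALPN offering h2 and http/1.1, empty NPN.
host = b"example.test"
sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
alpn_list = b"\x02h2\x08http/1.1"
SAMPLE = block([ext(0, sni), ext(16, struct.pack("!H", len(alpn_list)) + alpn_list), ext(13172, b"")])

if __name__ == "__main__":
    print([t for t, _ in parse_extensions(remove_extensions(SAMPLE, REMOVED))])
```

With both extensions gone the server sees no HTTP/2 offer, so the session stays on HTTP/1.1.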