Cisco Web Security Appliance S670 User Guide

10-13
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 10      Decryption Policies
Decrypting HTTPS Traffic
The request and response data of an HTTPS connection is encrypted before it is sent across the network. Because the data is encrypted, third parties can observe it in transit but cannot decrypt it to read its contents without the private key of the HTTPS server.
Figure 10-3 shows an HTTPS connection between a client and an HTTPS server.
Figure 10-3
HTTPS Connection
The Web Security appliance does not have access to the server's private key, so in order to inspect the traffic between the client and the server, it must intercept the connection and split it into two separate connections. The appliance acts as an intermediary between the client and the server, pretending to be the server to the client and the client to the server. This is sometimes referred to as being the "man in the middle."
Figure 10-4 shows an HTTPS connection between a client and an HTTPS server that goes through the Web Security appliance.
Figure 10-4
HTTPS Connection Decrypted by the Web Security Appliance
[Figure: Client <-> Web Security Appliance <-> Server]