Cisco Web Security Appliance S390 User Guide
Chapter 10 Decryption Policies
Decrypting HTTPS Traffic
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Notice that in , there are two different HTTPS connections, one between the client and the appliance, and one between the appliance and the server. The appliance performs the SSL handshake twice, once with the client and again with the server:
• SSL handshake with the server. When the appliance performs the SSL handshake with the server, it acts as if it were the client sending a request to the server. After it establishes a secure connection with the server, it can begin receiving the encrypted data. Because it acts as the client and participates in the SSL handshake, it has agreed upon a temporary symmetric key with the server, so it can decrypt and read the data the server sends. The appliance also receives the server's digital certificate.
• SSL handshake with the client. When the appliance performs the SSL handshake with the client, it acts as if it were the requested server providing the data the client requests. In order to perform the SSL handshake with the client, it must send the client its own digital certificate. However, the client expects the certificate of the requested server, so the appliance mimics the requested server's certificate and signs it with a root certificate authority uploaded or configured by an appliance administrator.
For more information about how the appliance mimics the server's certificate, see .
Note
Because the appliance signs the mimicked server certificate with a different root certificate authority and sends that certificate to the client, you must verify that the client applications on the network recognize (trust) that root certificate authority. For more information, see
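The mimicking step and the trust caveat in the Note, as an added example in Go using only the standard library (this is illustrative code written for this page, not the AsyncOS implementation; the names runScenario, mimicCertificate, issueLeaf, newCA and ScenarioResult, the host www.example.com and the CA names are assumptions). The appliance side takes the certificate it received from the origin server, copies the server's Subject, SAN names and validity period into a new certificate, and signs it with the administrator-uploaded root CA using a private key the appliance holds. The final checks show what the browser sees in the client-to-appliance handshake: a client whose trust store contains the appliance root accepts the mimicked certificate, while a client that only trusts the public root rejects it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA creates a self-signed root CA. Used here both for a stand-in public CA
// and for the root the appliance administrator uploads (hypothetical helper).
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf signs a server certificate from tmpl with ca, on a fresh key that
// stays with whoever runs the issuing side (the origin server or the appliance).
func issueLeaf(tmpl, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// mimicCertificate models the appliance step: copy the identity of the origin
// server's certificate (received in the appliance-to-server handshake) into a
// new certificate signed by the appliance root CA. The server's private key is
// never involved; the appliance uses its own.
func mimicCertificate(origin, applianceCA *x509.Certificate, applianceKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		RawSubject:   origin.RawSubject, // byte-exact copy of the server's Subject DN
		DNSNames:     origin.DNSNames,
		IPAddresses:  origin.IPAddresses,
		NotBefore:    origin.NotBefore,
		NotAfter:     origin.NotAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return issueLeaf(tmpl, applianceCA, applianceKey)
}

// clientAccepts is the check a browser performs in the client-to-appliance
// handshake: does cert chain to a root in the client's trust store for host?
func clientAccepts(cert *x509.Certificate, host string, roots *x509.CertPool) bool {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// ScenarioResult summarises one run of the mimicking flow.
type ScenarioResult struct {
	SameSubject      bool // mimic carries the origin server's Subject DN
	SameSANs         bool // and its SAN names
	DifferentIssuer  bool // but is issued by the appliance root, not the public CA
	TrustingClientOK bool // client that has the appliance root installed
	PlainClientOK    bool // client that only trusts the public root
}

func runScenario(host string) (ScenarioResult, error) {
	var r ScenarioResult
	// Constructed sample data: a public CA and the origin server's real certificate.
	publicCA, publicKey, err := newCA("Example Public Root CA")
	if err != nil {
		return r, err
	}
	originTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: host, Organization: []string{"Example Corp"}},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	origin, _, err := issueLeaf(originTmpl, publicCA, publicKey)
	if err != nil {
		return r, err
	}
	// The root CA uploaded by the appliance administrator (constructed here).
	applianceCA, applianceKey, err := newCA("WSA Decryption Root")
	if err != nil {
		return r, err
	}
	mimic, _, err := mimicCertificate(origin, applianceCA, applianceKey)
	if err != nil {
		return r, err
	}
	publicOnly := x509.NewCertPool()
	publicOnly.AddCert(publicCA)
	withAppliance := x509.NewCertPool()
	withAppliance.AddCert(publicCA)
	withAppliance.AddCert(applianceCA)

	r.SameSubject = mimic.Subject.String() == origin.Subject.String()
	r.SameSANs = len(mimic.DNSNames) == 1 && mimic.DNSNames[0] == origin.DNSNames[0]
	r.DifferentIssuer = mimic.Issuer.CommonName != origin.Issuer.CommonName
	r.TrustingClientOK = clientAccepts(mimic, host, withAppliance)
	r.PlainClientOK = clientAccepts(mimic, host, publicOnly)
	return r, nil
}

func main() {
	r, err := runScenario("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The PlainClientOK result is the failure mode the Note warns about: a client that has not been given the appliance root sees a certificate with the right name but an unknown issuer and reports a certificate error. Deploying the root to every client trust store (browser and OS stores, and any application with its own bundle) is the prerequisite for decryption policies to work without warnings.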
After the two separate HTTPS connections are established, the following actions occur:
1. Encrypted data is received from the server.
2. The temporary symmetric key negotiated with the server is used to decrypt the data.
3. Access Policies are applied to the decrypted traffic as if it were a plaintext HTTP connection. For more information about Access Policies, see