Last Manual Decryption Rules: Block or Monitor Certificates and Protocol Versions

The last decryption rules, because they are the most specific and require the most processing, are rules that either monitor or block bad certificates and unsecure protocol versions.

After you run the decryption policy wizard, edit the policy to add the following rules. Drag them to a position before the Decrypt - Resign rule.

These sample rules block traffic with either bad certificates or old TLS/SSL protocol versions.

Rule details:

This sample rule allows certificates that are valid and blocks the rest (for example, invalid certificates).

This sample rule blocks traffic with either the SSL 3.0 or TLS 1.0 protocols.