Add bypass applications

This task discusses how to bypass decryption for applications (typically because those applications are undecryptable due to their using certificate pinning as discussed in About TLS/SSL pinning).

Before you begin

Complete the tasks discussed in Create a standard decryption policy with outbound protection.

Procedure

Step 1

Select the Bypass decryption of known undecryptable applications check box.

Step 2

Click Edit applications.

Step 3

From the list, do any of the following:

  • Click Select All to select all applications that Cisco has determined are undecryptable.

  • Select the check box next to the name of an application for which to bypass decryption.

  • Clear the check box next to the name of an application to decrypt connections to anyway.

The following figure shows an example.

Opt to bypass decrypting applications that are undecryptable, typically due to certificate pinning.

Step 4

Under Selected applications and filters, click Add New to add applications or application filters to bypass. Click Help for more information.

Step 5

Click Save.

Step 6

If you're finished configuring your policy, see Decryption policy actions.