
display profile type decryption

Function

The display profile type decryption command displays information about the SSL-encrypted traffic detection profile.

Format

display profile type decryption [ name profile-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| name profile-name | Specifies the name of the SSL-encrypted traffic detection profile whose information is displayed. | The SSL-encrypted traffic detection profile must exist. |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If the detection profile name is known, you can set name profile-name in the display profile type decryption command to display information about the specified SSL-encrypted traffic detection profile. If name profile-name is not specified, the system displays information about all configured SSL-encrypted traffic detection profiles.

Example

# Display configuration information of all SSL-encrypted traffic detection profiles.

<sysname> display profile type decryption
 Encrypted-Traffic-Detection Profile Configurations:
 Total Profiles: 1                                  
 --------------------------------------------------------------                                                                     
                                                    
  Encrypted-Traffic-Detection Profile Name: profile    
  Description Text     :                            
  Vsys Name            : public                     
  Refered Number       : 0                          
  Detect Type          : outbound                   
  Mirror Interface     : Eth-Trunk21                
  Action Configurations:                            
  ---------------------------------------------------------------                                                                   
  client-auth             allow                     
  untrust-certificate     allow                     
  sni-cn-mismatch         allow                     
  unsupport ssl-version   allow                     
  unsupport ssl-cipher    allow                     
  ---------------------------------------------------------------                                                                   
  Version and Cipher Configurations:                
  ---------------------------------------------------------------                                                                   
  ssl-version server-side   ssl3.0 tls1.0 tls1.1 tls1.2 tls1.3                                                                             
  ssl-version client-side   ssl3.0 tls1.0 tls1.1 tls1.2 tls1.3                                                                             
  ssl-cipher server-side   low medium high          
  ssl-cipher client-side   low medium high          
  ---------------------------------------------------------------       

Table 1 Description of the display profile type decryption command output

Item

Description

Total Profiles

Total number of SSL-encrypted traffic detection profiles

Profile Name

Name of an SSL-encrypted traffic detection profile

Description Text

Description of the SSL-encrypted traffic detection profile.

Vsys Name

Virtual system name

Refered Number

Indicates the number of times that a detection profile is referenced by the SSL-encrypted traffic detection policy.

Mirror Interface

Indicates the mirrored interface of decrypted SSL traffic.

Detect Type

Indicates the type of the SSL-encrypted traffic detection profile. Value options are as follows:
  • inbound: inbound
  • outbound: outbound
  • no-decrypt: no-decrypt
This parameter can be configured using the detect type command.

Action Configurations:

Indicates the detection action. Value options are as follows:
  • client-auth: The system blocks an SSL connection if the client certificate needs to be verified.
  • untrust-certificate: The system blocks an SSL connection if a certificate is untrusted.
  • sni-cn-mismatch: The system blocks an SSL connection if the SNI and SAN/CN are inconsistent.
  • unsupport ssl-version: The system blocks an SSL connection if the SSL version is not supported.
  • unsupport ssl-cipher: The system blocks an SSL connection if the encryption algorithm is not supported.

Version and Cipher Configurations:

Indicates the SSL version and algorithm configurations. Value options are as follows:
  • ssl-version server-side: SSL protocol version used by the FW when the FW establishes an SSL connection with the server.
  • ssl-version client-side: SSL protocol version used by the FW when the FW establishes an SSL connection with the client.
  • ssl-cipher server-side: SSL encryption version used by the FW when the FW establishes an SSL connection with the server.
  • ssl-cipher client-side: SSL encryption version used by the FW when the FW establishes an SSL connection with the client.
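
The following Python parser is an added example, not part of the Huawei documentation. It reads the output format described in Table 1 and lists the settings a reviewer would check on a decryption profile: actions set to allow, deprecated protocol versions, and weak cipher levels. The sample text is a trimmed copy of the output above; the function names parse_profiles and audit, and the treatment of the cipher level low as weak, are assumptions of this example.

```python
import re

# Constructed sample: trimmed copy of the output in the Example section above.
SAMPLE = """\
 Encrypted-Traffic-Detection Profile Configurations:
 Total Profiles: 1
  Encrypted-Traffic-Detection Profile Name: profile
  Action Configurations:
  client-auth             allow
  untrust-certificate     allow
  sni-cn-mismatch         allow
  unsupport ssl-version   allow
  unsupport ssl-cipher    allow
  Version and Cipher Configurations:
  ssl-version server-side   ssl3.0 tls1.0 tls1.1 tls1.2 tls1.3
  ssl-version client-side   ssl3.0 tls1.0 tls1.1 tls1.2 tls1.3
  ssl-cipher server-side   low medium high
  ssl-cipher client-side   low medium high
"""

NAME = re.compile(r"Encrypted-Traffic-Detection Profile Name:\s*(\S+)")
ROW = re.compile(r"(ssl-(?:version|cipher) (?:server|client)-side|client-auth|"
                 r"untrust-certificate|sni-cn-mismatch|"
                 r"unsupport ssl-(?:version|cipher))\s+(.+)")
LEGACY_VERSIONS = {"ssl3.0", "tls1.0", "tls1.1"}  # deprecated: RFC 7568, RFC 8996
WEAK_CIPHERS = {"low"}  # assumption: "low" is the weakest cipher level

def parse_profiles(text):
    """Return one dict per profile found in the command output."""
    profiles = []
    for line in map(str.strip, text.splitlines()):
        name, row = NAME.match(line), ROW.match(line)
        if name:
            profiles.append({"name": name.group(1), "actions": {}, "lists": {}})
        elif row and profiles:
            key, values = row.group(1), row.group(2).split()
            if key.startswith("ssl-"):
                profiles[-1]["lists"][key] = values
            else:
                profiles[-1]["actions"][key] = values[0]
    return profiles

def audit(profile):
    """List settings worth reviewing: 'allow' actions, legacy versions, weak ciphers."""
    out = [f"{k}: allow" for k, v in profile["actions"].items() if v == "allow"]
    for key, values in profile["lists"].items():
        weak = LEGACY_VERSIONS if "version" in key else WEAK_CIPHERS
        out += [f"{key}: {v}" for v in values if v in weak]
    return out
```

Calling audit(parse_profiles(SAMPLE)[0]) on the sample returns every action row plus the ssl3.0, tls1.0, tls1.1 and low entries for both the server side and the client side.
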
Copyright © Huawei Technologies Co., Ltd.