SSL Decryption for Elliptical Curve Cryptography (ECC) Certificates

The firewall supports Elliptical Curve Cryptography (ECC) certificates.
The firewall automatically decrypts SSL traffic from websites and applications using ECC certificates, including Elliptical Curve Digital Signature Algorithm (ECDSA) certificates. As organizations transition to using ECC certificates to benefit from the strong keys and small certificate size, you can continue to maintain visibility into and safely enable ECC-secured application and website traffic.
Decryption for websites and applications using ECC certificates is not supported for traffic that is mirrored to the firewall; encrypted traffic using ECC certificates must pass through the firewall directly for the firewall to decrypt it.
You cannot use a hardware security module (HSM) to store the private keys associated with ECDSA certificates.
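Because both limitations above apply only to ECC/ECDSA certificates, it helps to know which certificates in a deployment carry an ECC key. The following is an added example, not part of the original documentation or the firewall's own tooling: a standard-library Python check that reads the public-key algorithm from an X.509 certificate's SubjectPublicKeyInfo. The function names and the skeleton test certificate are constructed for illustration.

```python
import base64

# DER-encoded public-key algorithm OIDs as they appear in SubjectPublicKeyInfo.
KEY_ALGS = {bytes.fromhex("2a8648ce3d0201"): "ECC",      # 1.2.840.10045.2.1 id-ecPublicKey
            bytes.fromhex("2a864886f70d010101"): "RSA"}  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def key_algorithm(cert):
    """Classify a PEM (str) or DER (bytes) X.509 certificate as ECC, RSA or other."""
    if isinstance(cert, str):
        b64 = "".join(l for l in cert.splitlines() if not l.startswith("-----"))
        cert = base64.b64decode(b64)
    _, pos, _ = read_tlv(cert, 0)            # Certificate
    _, pos, _ = read_tlv(cert, pos)          # tbsCertificate; pos is now its first field
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                          # optional [0] version (absent in v1 certs)
        pos = end
    for _ in range(5):                       # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    _, pos, _ = read_tlv(cert, pos)          # subjectPublicKeyInfo
    _, pos, _ = read_tlv(cert, pos)          # AlgorithmIdentifier
    tag, start, end = read_tlv(cert, pos)
    if tag != 0x06:
        raise ValueError("expected algorithm OID")
    return KEY_ALGS.get(cert[start:end], "other")

def tlv(tag, body=b""):                      # DER encoder for short (<128 byte) bodies
    return bytes([tag, len(body)]) + body

def skeleton_cert(key_oid):
    """Constructed, unsigned certificate skeleton: correct layout, placeholder fields."""
    spki = tlv(0x30, tlv(0x30, tlv(0x06, key_oid)) + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30)
              + tlv(0x30) + tlv(0x30) + tlv(0x30) + spki)
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for oid, alg in KEY_ALGS.items():        # constructed samples, one per key type
        print(alg, "->", key_algorithm(skeleton_cert(oid)))
```

A certificate reported as `ECC` is one whose traffic must pass through the firewall directly to be decrypted and, for ECDSA certificates, whose private key cannot be stored on an HSM.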

