Enabling or disabling SSL connection decryption

Before enabling SSL decryption, you need to make sure that a root certificate has been added.

To enable or disable SSL connection decryption:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.

    This opens the Policy tab.

  2. Select SSL Inspection → General.
  3. Set the Decrypt encrypted connections toggle switch to On or Off. By default, SSL traffic decryption is disabled.
  4. If you have enabled SSL decryption, in the Minimum supported TLS version for decryption drop-down list, select the earliest TLS/SSL protocol version to allow. TLS/SSL connections that use an earlier version than the one specified are blocked.

    You can set only the minimum supported protocol version. For maximum security, we recommend specifying TLS protocol version 1.2 or later.

    A connection attempt with a protocol version earlier than the specified version is blocked and Kaspersky NGFW sends a TCP RST in both directions.

  5. Apply the OSMP policy changes by clicking the Commit and push button.

SSL decryption is enabled or disabled.

For traffic decryption to work, you need to create decryption rules.
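
To confirm the minimum-version setting after the policy has been pushed, the following added example (not part of the Kaspersky documentation) attempts one handshake per TLS version from a client behind the firewall and compares each outcome with what the setting predicts. The destination host, port 443 and the optional root certificate file are assumptions for your environment, and the destination is assumed to match a decryption rule.

```python
import socket
import ssl
import sys

# Versions probed, oldest first (SSLv3 is not offered by current OpenSSL builds).
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]

def expected(version, minimum):
    """Outcome the policy setting predicts for a client pinned to `version`."""
    return "blocked" if version < minimum else "allowed"

def classify(exc):
    """Map a probe result (an exception, or None on success) to an outcome."""
    if exc is None:
        return "allowed"
    if isinstance(exc, ConnectionResetError):
        return "blocked"        # TCP RST during the handshake, as the page describes
    if isinstance(exc, (ssl.SSLError, ValueError)):
        return "inconclusive"   # local OpenSSL/server refused, or certificate untrusted
    return "error"              # timeout, DNS failure, refused connection, ...

def probe(host, port, version, cafile=None, timeout=5.0):
    """Attempt one handshake pinned to `version`; return the exception or None."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # cafile: NGFW root certificate
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except (OSError, ValueError) as exc:
        return exc

def audit(host, port, minimum, cafile=None, probe_fn=probe):
    """Return (version, expected, observed, verdict) rows for every version."""
    rows = []
    for v in VERSIONS:
        want = expected(v, minimum)
        got = classify(probe_fn(host, port, v, cafile))
        verdict = ("ok" if got == want
                   else "check" if got in ("inconclusive", "error")
                   else "MISMATCH")
        rows.append((v.name, want, got, verdict))
    return rows

if __name__ == "__main__":
    # Usage: script.py <host> <minimum, e.g. TLSv1_2> [root-certificate.pem]
    host, minimum = sys.argv[1], ssl.TLSVersion[sys.argv[2]]
    for row in audit(host, 443, minimum, *sys.argv[3:4]):
        print("%-8s expected=%-8s observed=%-12s %s" % row)
```

An "inconclusive" row means the local OpenSSL build or the server refused that version before the firewall's behaviour could be observed, so repeat that probe from a client that still offers the version.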
