CVE with Verification Bypass enabled

In addition to the verification options, SSL support includes an option for Verification Bypass (Configure > SSL > Validation > Verification Bypass). This feature is turned on by default. When certificate verification fails, a dialog box warns the user that a failure has occurred and gives the user the option to go to the site anyway.

Advantages include:
  • Certificate verification is performed and incidents are logged, but users aren’t blocked. Users are allowed to make the decision about whether a site is safe.
  • Administrators can see how the certificate verification engine (CVE) affects the network before allowing it to impact users or require an administrator response.
  • By monitoring the Incident List, administrators can put remediation measures in place before enforcing certificate verification and impacting users.
  • Verification bypass provides a response to users that is much like the warning dialogs used by common browsers.

Disadvantages include:
  • Security is compromised because the choice to drop the connection is given to the user.
  • In cases where the HTTPS request is for an object embedded in the page or in another page, and its certificate verification fails, the bypass page may not render.
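
The monitor-before-enforce workflow described above, as an added example that is not part of the product documentation: it groups certificate verification failures by host to show which sites users currently bypass, and would therefore lose once Verification Bypass is turned off. The CSV columns and sample rows are constructed assumptions; this page does not describe the Incident List export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. The column names are hypothetical; this page does
# not describe the Incident List export format.
SAMPLE_INCIDENTS = """\
host,reason,embedded,user_bypassed
intranet.example.test,self-signed certificate,no,yes
intranet.example.test,self-signed certificate,no,yes
intranet.example.test,self-signed certificate,no,no
cdn.example.test,expired certificate,yes,no
cdn.example.test,expired certificate,yes,no
shop.example.test,hostname mismatch,no,no
"""

def summarize(csv_text):
    """Group verification failures by host and count what enforcement would change."""
    hosts = defaultdict(lambda: {"failures": 0, "bypassed": 0, "embedded": 0, "reasons": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = hosts[row["host"].strip().lower()]
        entry["failures"] += 1
        entry["reasons"].add(row["reason"].strip())
        # Each bypass is a request that succeeds today and would be blocked
        # once Verification Bypass is turned off.
        if row["user_bypassed"].strip().lower() == "yes":
            entry["bypassed"] += 1
        # Embedded-object failures may never show the bypass page, so the
        # user had no chance to choose.
        if row["embedded"].strip().lower() == "yes":
            entry["embedded"] += 1
    return dict(hosts)

def review_order(summary):
    """Hosts with the most user bypasses first, then by failure count, then name."""
    return sorted(summary, key=lambda h: (-summary[h]["bypassed"], -summary[h]["failures"], h))

if __name__ == "__main__":
    report = summarize(SAMPLE_INCIDENTS)
    for host in review_order(report):
        e = report[host]
        note = " (embedded objects: bypass page may not render)" if e["embedded"] else ""
        print(f"{host}: {e['failures']} failures, {e['bypassed']} bypassed, "
              f"reasons={sorted(e['reasons'])}{note}")
```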