1. TLS Decryptor
    1. An SSL appliance designed to decrypt Secure Sockets Layer (SSL) traffic and send it to security and network appliances for inspection.
  2. Installation
    1. SSL/TLS decryption of all traffic is very resource intensive.
    2. In enterprise environments, SSL/TLS appliances may be standalone appliances.
    3. In SOHO or single-campus networks, if these devices are deployed, they are typically on-box and share the resources of the machine on which they are installed.
  3. Operation
    1. Depending on your installation, SSL/TLS appliances may allow only inbound or only outbound inspection at a given time. This depends on the compute resources given to the decryptor.
    2. Other interface options may also exist, such as:
      1. Fail-open capability
      2. Traffic bypass filters
      3. Port monitoring (mirroring)
      4. Logging
      5. Transparent proxy
      6. Detection of SSL/TLS sessions on ports other than 443
      7. Support for both passive and inline configurations
  4. Typical Security Functions
    1. Encryption:
      1. SSL
        1. SSL3
        2. SSL2
      2. TLS
        1. TLS 1.0
        2. TLS 1.1
        3. TLS 1.2
        4. TLS 1.3
      3. Notes:
        1. TLS v1.1 and above are typically only found on standalone devices.
        2. TLS v1.2 and above are only found on high-end standalone devices.
    2. Proxy Mode:
      1. Transparent
    3. Hashing Algorithms:
      1. MD5
      2. SHA-1
    4. Hardware-Dependent:
      1. Public Key Algorithms:
        1. RSA
        2. DSA
        3. DH
      2. Symmetric Key Algorithms:
        1. AES
        2. 3DES
        3. DES
        4. RC4
      3. RSA Keys:
        1. 512 bits
        2. 1024 bits
        3. 2048 bits
        4. 4096 bits
        5. 8172 bits
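
As an added example (not from the original outline or any vendor's product), the Python sketch below shows one way to implement the "Detection of SSL/TLS sessions on ports other than 443" option listed under Operation: it inspects the first client bytes of a flow for a ClientHello instead of trusting the port number. The function names and the sample flows are assumptions constructed for illustration.

```python
import struct

# Wire version numbers mapped to the names used in the outline.
VERSIONS = {0x0002: "SSL2", 0x0300: "SSL3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def client_hello_version(payload: bytes):
    """Return the version named in a ClientHello, or None if payload is not one."""
    if len(payload) < 11:
        return None
    if payload[0] == 0x16 and payload[1] == 0x03:
        # SSL3/TLS: record type(1) version(2) length(2), handshake type(1) length(3) version(2)
        rec_len = struct.unpack("!H", payload[3:5])[0]
        if payload[5] != 0x01 or not 6 <= rec_len <= 16384:
            return None
        # TLS 1.3 clients also send 0x0303 here and negotiate 1.3 in an extension.
        return VERSIONS.get(struct.unpack("!H", payload[9:11])[0])
    if payload[0] & 0x80 and payload[2] == 0x01:
        # SSL2-format hello: 2-byte length with high bit set, msg type 1, then version
        return VERSIONS.get(struct.unpack("!H", payload[3:5])[0])
    return None

def tls_on_unexpected_ports(flows, expected=(443,)):
    """flows: (dst_port, first client payload) pairs -> [(port, version)] off the expected ports."""
    return [(port, ver) for port, data in flows
            if port not in expected and (ver := client_hello_version(data))]

def sample_hello(version: int, body_len: int = 64) -> bytes:
    """Constructed ClientHello prefix: correct headers, zero-filled body."""
    body = struct.pack("!H", version) + bytes(body_len - 2)
    handshake = b"\x01" + body_len.to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    (443, sample_hello(0x0303)),
    (8443, sample_hello(0x0303)),
    (993, sample_hello(0x0301)),
    (4433, b"\x80\x2e\x01\x00\x02" + bytes(43)),
    (25, b"EHLO mail.example.test\r\n"),
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for port, version in tls_on_unexpected_ports(SAMPLE_FLOWS):
        print(f"port {port}: {version} ClientHello")
```

This is a first-packet heuristic: it does not reassemble TCP segments and will miss sessions upgraded mid-stream, such as STARTTLS.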