Here are several DPI error events and their meanings:
| Event | Details |
|---|---|
| Base 64 Decoding Error | Packet content that was expected to be encoded in Base64 format was not encoded correctly. |
| Client Attempted to Rollback | A client attempted to roll back to an earlier version of the SSL protocol instead of the version specified in the ClientHello message. |
| Corrupted Deflate/GZIP Content | Corrupted Deflate/GZIP Content |
| Deflate/GZIP Checksum Error | Deflate/GZIP Checksum Error |
| Double Decoding Exploit | Double decoding exploit attempt (%25xx, %25%xxd, etc.) |
| Edit Too Large | Editing attempted to increase the size of the region above the maximum allowed size (8188 bytes). |
| Error Decrypting Pre-master Key | Unable to unwrap the pre-master secret from the ClientKeyExchange message. |
| Error Generating Master Key(s) | Unable to derive the cryptographic keys, Mac secrets, and initialization vectors from the master secret. |
| Error Generating Pre-Master Request | An error occurred when trying to queue the pre-master secret for decryption. |
| Handshake Message (not ready) | The SSL state engine has encountered a handshake message after the handshake has been negotiated. |
| Illegal Character in URI | Illegal character used in URI |
| Incomplete Deflate/GZIP Content | Corrupted deflate/gzip content |
| Incomplete UTF8 Sequence | URI ended in middle of utf8 sequence |
| Int Min/Max/Choice Constraint Failure | A protocol decoding rule decoded data that did not meet the protocol content constraints. |
| Internal Error | The protocol decoding engine detected an internal corruption while processing a loop or nested type. |
| Invalid Hex Encoding | %nn where nn are not hex digits |
| Invalid Lexical Instruction | An internal error occurred causing the protocol decoding stack to become corrupt and stop processing for the connection. |
| Invalid Parameters In Handshake | An invalid value was encountered while trying to decode the handshake protocol. |
| Invalid Traversal | Tried to use "../../" above root |
| Invalid Use of Character | Used disabled character |
| Invalid UTF8 encoding | Invalid/non-canonical encoding attempt |
| Key Exchange Error | The server attempted to establish an SSL session with temporarily generated key. |
| Key Too Large | The master secret keys are larger than what was specified by the protocol identifier. |
| Max Matches in Packet Exceeded | There are more than 2048 positions in the packet with pattern match occurrences. An error is returned at this limit and the connection is dropped because this usually indicates a garbage or evasive packet. |
| Maximum Edits Exceeded | The maximum number of edits (32) in a single region of a packet was exceeded. |
| Memory Allocation Error | The packet could not be processed properly because resources were exhausted. This may happen when too many current connections require buffering (max 2048) or matching resources (max 128) at the same time, or because of excessive matches in a single IP packet (max 2048), or because the system is out of memory. |
| Out Of Order Handshake Message | A well formatted handshake message has been encountered out of sequence. |
| Packet Read Error | Low level problem reading packet data. |
| Record Layer Message | The SSL state engine has encountered an SSL record before initialization of the session. |
| Region Too Big | A region (edit region, uri, etc.) exceeded the maximum allowed buffering size (7570 bytes) without being closed. This is usually because the data does not conform to the protocol. |
| Renewal Error | An SSL session was being requested with a cached session key that could not be located. |
| Runtime Error | Runtime error |
| Search Limit Reached | A protocol decoding rule defined a limit for a search or pdu object but the object was not found before reaching the limit. |
| Stack Depth | A rule programming error attempted to cause recursion or used many nested procedure calls. |
| Type Nesting Too Deep | A protocol decoding rule encountered a type definition and packet content that caused the maximum type nesting depth (16) to be exceeded. |
| Unsupported Cipher | An unknown or unsupported Cipher Suite was requested. To prevent this issue, you can disable the unsupported cipher or create a Bypass Firewall rule for DPI checking. For more information, refer to the Supported cipher suites topic on Deep Security Help Center. |
| Unsupported Deflate/GZIP Dictionary | Unsupported Deflate/GZIP Dictionary |
| Unsupported GZIP Header Format/Method | Unsupported GZIP Header Format/Method |
| Unsupported SSL Version | A client attempted to negotiate an SSL V2 session. |
| URI Path Depth Exceeded | Too many "/" separators, max 100 path depth |
| URI Path Length Too Long | Path length is greater than 512 characters. |