diff --git a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
index 7a997f38c..9d0085c71 100644
--- a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
@@ -405,6 +405,7 @@ public class BaseIpCfg extends BaseCfg {
 protected Integer certTransparency;
 protected Integer clientCertReq;
 protected Integer pinning;
+ protected Integer protocolErrors;
 protected Integer cn;
 protected Integer issuer;
 protected Integer selfSigned;
@@ -446,6 +447,12 @@ public class BaseIpCfg extends BaseCfg {
 }
 public void setPinning(Integer pinning) {
 this.pinning = pinning;
+ }
+ public Integer getProtocolErrors() {
+ return protocolErrors;
+ }
+ public void setProtocolErrors(Integer protocolErrors) {
+ this.protocolErrors = protocolErrors;
 }
 public Integer getCn() {
 return cn;
diff --git a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
index 67afb4c40..3c6be097f 100644
--- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
@@ -294,6 +294,7 @@ public class BaseStringCfg extends BaseCfg {
 protected Integer certTransparency;
 protected Integer clientCertReq;
 protected Integer pinning;
+ protected Integer protocolErrors;
 protected Integer cn;
 protected Integer issuer;
 protected Integer selfSigned;
@@ -335,6 +336,12 @@ public class BaseStringCfg extends BaseCfg {
 }
 public void setPinning(Integer pinning) {
 this.pinning = pinning;
+ }
+ public Integer getProtocolErrors() {
+ return protocolErrors;
+ }
+ public void setProtocolErrors(Integer protocolErrors) {
+ this.protocolErrors = protocolErrors;
 }
 public Integer getCn() {
 return cn;
diff --git a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
index 10bb84172..443d8722c 100644
--- a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
+++ b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
@@ -18,27 +18,29 @@ public class PxyInterceptCfg extends CfgIndexInfo { private String clientCertReq; @ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",sort=12) private String pinning; - @ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=13) + @ExcelField(title="exclusions_protocol_errors",dictType="SYS_YES_NO",sort=13) + private String protocolErrors; + @ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=14) private String cn; - @ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=14) + @ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=15) private String issuer; - @ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=15) + @ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=16) private String selfSigned; - @ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=16) + @ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=17) private String expiration; - @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=17) + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=18) private String failMethod; - @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=18) + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=19) private String min; - @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=19) + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=20) private String max; - @ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=20) + @ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=21) private String mirrorClient; - @ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=21) + @ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=22) private String allowHttp2; - @ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=22) + 
@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=23) private String enable; - @ExcelField(title="decrypt_mirror_mirror_profile",sort=23) + @ExcelField(title="decrypt_mirror_mirror_profile",sort=24) private String mirrorProfile; private String userRegion1; private String userRegion2; @@ -74,6 +76,12 @@ public class PxyInterceptCfg extends CfgIndexInfo { } public void setPinning(String pinning) { this.pinning = pinning; + } + public String getProtocolErrors() { + return protocolErrors; + } + public void setProtocolErrors(String protocolErrors) { + this.protocolErrors = protocolErrors; } public String getCn() { return cn; diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java index aee4be801..256425910 100644 --- a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java +++ b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java @@ -13,6 +13,8 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate { private Integer pinning; + private Integer protocolErrors; + private Integer cn; private Integer issuer; 
@@ -70,77 +72,84 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate { public void setPinning(Integer pinning) { this.pinning = pinning; } - @ExcelField(title="cert_verify_approach_cn",align=2,sort=22) + @ExcelField(title="protocol_errors",align=2,sort=22) + public Integer getProtocolErrors() { + return protocolErrors; + } + public void setProtocolErrors(Integer protocolErrors) { + this.protocolErrors = protocolErrors; + } + @ExcelField(title="cert_verify_approach_cn",align=2,sort=23) public Integer getCn() { return cn; } public void setCn(Integer cn) { this.cn = cn; } - @ExcelField(title="cert_verify_approach_issuer",align=2,sort=23) + @ExcelField(title="cert_verify_approach_issuer",align=2,sort=24) public Integer getIssuer() { return issuer; } public void setIssuer(Integer issuer) { this.issuer = issuer; } - @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24) + @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=25) public Integer getSelfSigned() { return selfSigned; } public void setSelfSigned(Integer selfSigned) { this.selfSigned = selfSigned; } - @ExcelField(title="cert_verify_approach_expiration",align=2,sort=25) + @ExcelField(title="cert_verify_approach_expiration",align=2,sort=26) public Integer getExpiration() { return expiration; } public void setExpiration(Integer expiration) { this.expiration = expiration; } - @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26) + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=27) public String getFailMethod() { return failMethod; } public void setFailMethod(String failMethod) { this.failMethod = failMethod; } - @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27) + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=28) public String getMin() { return min; } public void setMin(String min) { this.min = min; } - 
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28) + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=29) public String getMax() { return max; } public void setMax(String max) { this.max = max; } - @ExcelField(title="ssl_ver_mirror_client",align=2,sort=29) + @ExcelField(title="ssl_ver_mirror_client",align=2,sort=30) public Integer getMirrorClient() { return mirrorClient; } public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; } - @ExcelField(title="ssl_ver_allow_http2",align=2,sort=30) + @ExcelField(title="ssl_ver_allow_http2",align=2,sort=31) public Integer getAllowHttp2() { return allowHttp2; } public void setAllowHttp2(Integer allowHttp2) { this.allowHttp2 = allowHttp2; } - @ExcelField(title="decrypt_mirror_enable",align=2,sort=31) + @ExcelField(title="decrypt_mirror_enable",align=2,sort=32) public Integer getEnable() { return enable; } public void setEnable(Integer enable) { this.enable = enable; } - @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32) + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=33) public Integer getMirrorProfile() { return mirrorProfile; } diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java index f4ac838ae..e86f5bbbe 100644 --- a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java +++ b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java @@ -14,6 +14,8 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate { private Integer pinning; + private Integer protocolErrors; + private Integer cn; private Integer issuer; 
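Review bot: The new column in InterceptDomainTemplate is titled `protocol_errors`, while InterceptIpTemplate and PxyInterceptCfg title it `exclusions_protocol_errors` and ExportExcel matches the header on that same string. If the export keys its header text and cell comment on the title, as the `"exclusions_protocol_errors".equals(headerStr)` branch suggests, the domain template's column would get neither the translated header nor the allowed-values comment, so an operator filling in the sheet has no hint that only 0 and 1 are accepted. The annotation on `getProtocolErrors()` should read `@ExcelField(title="exclusions_protocol_errors",align=2,sort=22)`.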
@@ -71,77 +73,84 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate { public void setPinning(Integer pinning) { this.pinning = pinning; } - @ExcelField(title="cert_verify_approach_cn",align=2,sort=22) + @ExcelField(title="exclusions_protocol_errors",align=2,sort=22) + public Integer getProtocolErrors() { + return protocolErrors; + } + public void setProtocolErrors(Integer protocolErrors) { + this.protocolErrors = protocolErrors; + } + @ExcelField(title="cert_verify_approach_cn",align=2,sort=23) public Integer getCn() { return cn; } public void setCn(Integer cn) { this.cn = cn; } - @ExcelField(title="cert_verify_approach_issuer",align=2,sort=23) + @ExcelField(title="cert_verify_approach_issuer",align=2,sort=24) public Integer getIssuer() { return issuer; } public void setIssuer(Integer issuer) { this.issuer = issuer; } - @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24) + @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=25) public Integer getSelfSigned() { return selfSigned; } public void setSelfSigned(Integer selfSigned) { this.selfSigned = selfSigned; } - @ExcelField(title="cert_verify_approach_expiration",align=2,sort=25) + @ExcelField(title="cert_verify_approach_expiration",align=2,sort=26) public Integer getExpiration() { return expiration; } public void setExpiration(Integer expiration) { this.expiration = expiration; } - @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26) + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=27) public String getFailMethod() { return failMethod; } public void setFailMethod(String failMethod) { this.failMethod = failMethod; } - @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27) + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=28) public String getMin() { return min; } public void setMin(String min) { this.min = min; } - 
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28) + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=29) public String getMax() { return max; } public void setMax(String max) { this.max = max; } - @ExcelField(title="ssl_ver_mirror_client",align=2,sort=29) + @ExcelField(title="ssl_ver_mirror_client",align=2,sort=30) public Integer getMirrorClient() { return mirrorClient; } public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; } - @ExcelField(title="ssl_ver_allow_http2",align=2,sort=30) + @ExcelField(title="ssl_ver_allow_http2",align=2,sort=31) public Integer getAllowHttp2() { return allowHttp2; } public void setAllowHttp2(Integer allowHttp2) { this.allowHttp2 = allowHttp2; } - @ExcelField(title="decrypt_mirror_enable",align=2,sort=31) + @ExcelField(title="decrypt_mirror_enable",align=2,sort=32) public Integer getEnable() { return enable; } public void setEnable(Integer enable) { this.enable = enable; } - @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32) + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=33) public Integer getMirrorProfile() { return mirrorProfile; } diff --git a/src/main/java/com/nis/util/excel/ExportExcel.java b/src/main/java/com/nis/util/excel/ExportExcel.java index 4eba0b414..7ae98eef6 100644 --- a/src/main/java/com/nis/util/excel/ExportExcel.java +++ b/src/main/java/com/nis/util/excel/ExportExcel.java 
@@ -717,6 +717,28 @@ public class ExportExcel {
 index++;
 }
 }
+ //pinning
+ if("exclusions_protocol_errors".equals(headerStr)) {
+ commentStr="";
+ commentStr=msgProp.getProperty("select")+":\n"+commentStr;
+ index++;
+ commentStr+=1+"("+msgProp.getProperty("yes")+")\n";
+ index++;
+ commentStr+=0+"("+msgProp.getProperty("no")+")\n";
+ index++;
+ if(StringUtil.isEmpty(headerStr)){
+ headerStr="";
+ commentStr="";
+ }else{
+ index++;
+ commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
+ index++;
+ //2、默认值说明
+ commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
+ index++;
+ index++;
+ }
+ }
 //cn
 if("cert_verify_approach_cn".equals(headerStr)) {
 commentStr="";
@@ -908,7 +930,7 @@ public class ExportExcel {
 //allow_http2
 if("ssl_ver_allow_http2".equals(headerStr)) {
 commentStr="";
- defaultValue="0";
+ defaultValue="1";
 commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 index++;
 commentStr+=1+"("+msgProp.getProperty("yes")+")\n";
diff --git a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
index 620563058..40013317c 100644
--- a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
@@ -575,6 +575,7 @@ public class CheckIpFormatThread implements Callable{
 Integer certTransparency=baseIpCfg.getCertTransparency();
 Integer clientCertReq=baseIpCfg.getClientCertReq();
 Integer pinning=baseIpCfg.getPinning();
+ Integer protocolErrors=baseIpCfg.getProtocolErrors();
 Integer cn=baseIpCfg.getCn();
 Integer issuer=baseIpCfg.getIssuer();
 Integer selfSigned=baseIpCfg.getSelfSigned();
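Review bot: In ExportExcel the added block is headed `//pinning` although it handles `exclusions_protocol_errors`; the comment should read `//protocol_errors`. The inner `if(StringUtil.isEmpty(headerStr))` can never be true at that point, because the enclosing condition has just matched headerStr against a non-empty literal, so the `headerStr=""` / `commentStr=""` branch is dead and only the else body ever runs. The default shown to the operator is also hard-coded as `:1` inside the string, while the `ssl_ver_allow_http2` block further down sets a `defaultValue` variable; keeping the displayed default in one named value would make it harder for the template text and the import-side default in CheckIpFormatThread and CheckStringFormatThread to drift apart.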
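Review bot: The default for an omitted `allow_http2` flips from 0 to 1 in the `ssl_ver_allow_http2` block of ExportExcel and, with `allowHttp2=1`, in the import paths of CheckIpFormatThread and CheckStringFormatThread, but nothing on the changed lines records why. A spreadsheet that leaves the cell empty will now import an intercept policy with HTTP/2 allowed where the same file previously produced one with HTTP/2 disallowed, which is a behaviour change for a TLS-interception policy and is not obviously part of adding the protocol_errors field. I would add a comment at each site, for example `// default changed 0 -> 1: HTTP/2 is allowed unless the sheet says otherwise`, and state the change in the commit message. The three literals would be easier to keep in step as one shared constant.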
@@ -649,6 +650,16 @@ public class CheckIpFormatThread implements Callable{
 }else {
 map.put("pinning", 1);
 }
+ if(protocolErrors!=null) {
+ if(protocolErrors!=0&&protocolErrors!=1) {
+ errInfo.append(String.format(prop.getProperty("is_incorrect"),
+ prop.getProperty("exclusions_protocol_errors","exclusions protocol errors") + " ") + ";");
+ }else {
+ map.put("protocol_errors", protocolErrors);
+ }
+ }else {
+ map.put("protocol_errors", 1);
+ }
 userRegionMap.put("exclusions", map);
 map=new HashMap<>();
 Map map1=new HashMap<>();
@@ -724,7 +735,7 @@ public class CheckIpFormatThread implements Callable{
 }
 }
 if(allowHttp2==null) {
- allowHttp2=0;
+ allowHttp2=1;
 map.put("allow_http2", allowHttp2);
 }else {
 if(allowHttp2!=0&&allowHttp2!=1) {
diff --git a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
index 72b34b5bb..50b11d9c1 100644
--- a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
@@ -521,6 +521,7 @@ public class CheckStringFormatThread implements Callable{
 Integer certTransparency=baseStringCfg.getCertTransparency();
 Integer clientCertReq=baseStringCfg.getClientCertReq();
 Integer pinning=baseStringCfg.getPinning();
+ Integer protocolErrors=baseStringCfg.getProtocolErrors();
 Integer cn=baseStringCfg.getCn();
 Integer issuer=baseStringCfg.getIssuer();
 Integer selfSigned=baseStringCfg.getSelfSigned();
@@ -595,6 +596,16 @@ public class CheckStringFormatThread implements Callable{
 }else {
 map.put("pinning", 1);
 }
+ if(protocolErrors!=null) {
+ if(protocolErrors!=0&&protocolErrors!=1) {
+ errInfo.append(String.format(prop.getProperty("is_incorrect"),
+ prop.getProperty("exclusions_protocol_errors","exclusions protocol errors") + " ") + ";");
+ }else {
+ map.put("protocol_errors", protocolErrors);
+ }
+ }else {
+ map.put("protocol_errors", 1);
+ }
 userRegionMap.put("exclusions", map);
 map=new HashMap<>();
 Map map1=new HashMap<>();
@@ -670,7 +681,7 @@ public class CheckStringFormatThread implements Callable{
 }
 }
 if(allowHttp2==null) {
- allowHttp2=0;
+ allowHttp2=1;
 map.put("allow_http2", allowHttp2);
 }else {
 if(allowHttp2!=0&&allowHttp2!=1) {
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
index 8443e1da3..1048c4ccb 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
@@ -141,6 +141,7 @@ public class InterceptController extends CommonController {
 String cert_transparency = request.getParameter("cert_transparency");
 String client_cert_req = request.getParameter("client_cert_req");
 String pinning = request.getParameter("pinning");
+ String protocol_errors = request.getParameter("protocol_errors");
 if(StringUtils.isNotBlank(ev_cert)){
 map.put("ev_cert", Integer.parseInt(ev_cert.trim()));
 }else {
@@ -156,6 +157,11 @@ public class InterceptController extends CommonController {
 }else {
 map.put("pinning", 0);
 }
+ if(StringUtils.isNotBlank(protocol_errors)){
+ map.put("protocol_errors", Integer.parseInt(protocol_errors.trim()));
+ }else {
+ map.put("protocol_errors", 0);
+ }
 if(StringUtils.isNotBlank(client_cert_req)){
 map.put("client_cert_req", Integer.parseInt(client_cert_req.trim()));
 }else {
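Review bot: The added `Integer.parseInt(protocol_errors.trim())` in InterceptController stores whatever integer the request carries, whereas the import path in CheckIpFormatThread and CheckStringFormatThread rejects anything other than 0 or 1. A request carrying any other number therefore lands in the exclusions map of the policy, and a non-numeric value throws NumberFormatException out of the handler as far as this hunk shows. The neighbouring ev_cert, pinning and client_cert_req parameters follow the same pattern, so one small helper that accepts only 0 and 1 would cover all of them. How a rejected value is reported should follow the controller's existing error handling, which is outside the hunk along with the start and end of the enclosing method.

```java
// constructed helper: accepts only "0" or "1", uses the default when the parameter is blank
private static int parseFlag(String raw, int defaultValue) {
    if (StringUtils.isBlank(raw)) {
        return defaultValue;
    }
    String value = raw.trim();
    if ("0".equals(value) || "1".equals(value)) {
        return Integer.parseInt(value);
    }
    throw new IllegalArgumentException("flag must be 0 or 1");
}

// … unchanged: ev_cert, cert_transparency and pinning handling …
map.put("protocol_errors", parseFlag(protocol_errors, 0));
```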
@@ -526,6 +532,9 @@ public class InterceptController extends CommonController { if(((Map)userregion.get("exclusions")).containsKey("ev_cert")) { pxyInterceptCfg.setPinning(((Map)userregion.get("exclusions")).get("ev_cert").toString()); } + if(((Map)userregion.get("exclusions")).containsKey("ev_cert")) { + pxyInterceptCfg.setProtocolErrors(((Map)userregion.get("exclusions")).get("ev_cert").toString()); + } if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("cn")) { pxyInterceptCfg.setCn(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("cn").toString()); } diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp index 73dc8ee61..1167df845 100644 --- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp @@ -584,7 +584,7 @@ legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;col protocolId="${service.protocolId }" configDoLog="${service.configDoLog }" value="${service.action }" class="required action" - checked> + checked> @@ -713,10 +713,30 @@ legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;col checked/> +  " + data-icon="" style="cursor:default">
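Review bot: The block added in the InterceptController hunk at -526 tests and reads the `ev_cert` key but passes the result to `setProtocolErrors`, so the exported protocol_errors column will repeat the EV-certificate exclusion instead of the stored protocol_errors value. It should be `if(((Map)userregion.get("exclusions")).containsKey("protocol_errors"))` with `.get("protocol_errors").toString()` handed to `setProtocolErrors`. The context line just above does the same thing for `setPinning`, which also reads `ev_cert`, so an exported policy can show exclusions that differ from what is actually enforced; that line is worth correcting in the same pass. The enclosing method starts and ends outside the hunk.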
+
+
+ +
+
+ checked/> +
+  " + data-icon="" style="cursor:default"> +
+
+
+
+ +