topic Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/diffie-hellman-ephemeral-key-exchange-dos-vulnerability-ssl-tls/m-p/556472#M4356 <P>Hi, Has anyone running the client version of GP successfully mittigated the&nbsp;Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) for the GP portals? I have only found ways to disable DHE for clientless GP configuration.</P> <P>We are running PANOS 10.1.10 h1 but it seems like DHE is supported on all PANOS version even though it is not recommended to use them.</P> Tue, 05 Sep 2023 09:01:46 GMT Per_Edner 2023-09-05T09:01:46Z Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) https://live.paloaltonetworks.com/t5/globalprotect-discussions/diffie-hellman-ephemeral-key-exchange-dos-vulnerability-ssl-tls/m-p/556472#M4356 <P>Hi, Has anyone running the client version of GP successfully mittigated the&nbsp;Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) for the GP portals? I have only found ways to disable DHE for clientless GP configuration.</P> <P>We are running PANOS 10.1.10 h1 but it seems like DHE is supported on all PANOS version even though it is not recommended to use them.</P> Tue, 05 Sep 2023 09:01:46 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/diffie-hellman-ephemeral-key-exchange-dos-vulnerability-ssl-tls/m-p/556472#M4356 Per_Edner 2023-09-05T09:01:46Z Re: Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) https://live.paloaltonetworks.com/t5/globalprotect-discussions/diffie-hellman-ephemeral-key-exchange-dos-vulnerability-ssl-tls/m-p/556734#M4363 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/273481">@Per_Edner</a>&nbsp;,</P> <P>&nbsp;</P> <P>I believe the following KB explains how to disable DHE key algorithm:<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004MCcCAM" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004MCcCAM</A></P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Wed, 06 Sep 2023 11:29:26 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/diffie-hellman-ephemeral-key-exchange-dos-vulnerability-ssl-tls/m-p/556734#M4363 kiwi 2023-09-06T11:29:26Z