https://live.paloaltonetworks.com/t5/general-topics/change-the-ssl-tls-server-configuration-to-only-allow-strong-key/m-p/519446#M107700 <P>Each of your GlobalProtect Portals and Gateways should have a SSL/TLS Service Profile under the Authentication tab. Go to Device-&gt;Certificate Management -&gt; SSL/TLS Service Profiles and change the associated profile to Protocol Settings: Min Version = TLSv1.2</P> <P>&nbsp;</P> <P>You can not specific specific key exchanges to be used as far as I am aware, just select the minimum/maximum SSL/TLS security level.</P> Thu, 27 Oct 2022 18:51:53 GMT Adrian_Jensen 2022-10-27T18:51:53Z https://live.paloaltonetworks.com/t5/general-topics/change-the-ssl-tls-server-configuration-to-only-allow-strong-key/m-p/519375#M107690 <P>Ho w to disable&nbsp;Weak SSL/TLS Key Exchange on Palo Alto Firewall while connecting&nbsp; with Globa lProtect VPN&nbsp;</P> Thu, 27 Oct 2022 11:45:44 GMT https://live.paloaltonetworks.com/t5/general-topics/change-the-ssl-tls-server-configuration-to-only-allow-strong-key/m-p/519375#M107690 bhupendrakumar1 2022-10-27T11:45:44Z https://live.paloaltonetworks.com/t5/general-topics/change-the-ssl-tls-server-configuration-to-only-allow-strong-key/m-p/519446#M107700 <P>Each of your GlobalProtect Portals and Gateways should have a SSL/TLS Service Profile under the Authentication tab. Go to Device-&gt;Certificate Management -&gt; SSL/TLS Service Profiles and change the associated profile to Protocol Settings: Min Version = TLSv1.2</P> <P>&nbsp;</P> <P>You can not specific specific key exchanges to be used as far as I am aware, just select the minimum/maximum SSL/TLS security level.</P> Thu, 27 Oct 2022 18:51:53 GMT https://live.paloaltonetworks.com/t5/general-topics/change-the-ssl-tls-server-configuration-to-only-allow-strong-key/m-p/519446#M107700 Adrian_Jensen 2022-10-27T18:51:53Z