topic Which weak cipher suites for SSL/TLS to delete in General Topics https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542850#M111179 <P>Hi All,</P> <P>I recently had a pen test return the following results:</P> <TABLE class="reportTable"> <TBODY class="cipher1Block"> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0xc030</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN></TD> <TD class="tableRight">256</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0xc02f</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN></TD> <TD class="tableRight">128</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0x9d</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0x9c</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_256_CBC_SHA256 (<CODE>0x3d</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_CBC_SHA256 (<CODE>0x3c</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0x9f</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN></TD> <TD class="tableRight">256</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0x9e</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN></TD> <TD class="tableRight">128</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (<CODE>0xc014</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (<CODE>0xc013</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_CBC_SHA (<CODE>0x2f</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_DHE_RSA_WITH_AES_256_CBC_SHA (<CODE>0x39</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_DHE_RSA_WITH_AES_128_CBC_SHA (<CODE>0x33</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">12</FONT></TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>which of the below cipher suites do I disable to comply ? (enc-algo-3des is already disabled), this is set on my global protect interface, will anything break <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <PRE class="ckeditor_codeblock">+ auth-algo-sha1 Allow authentication SHA1 + auth-algo-sha256 Allow authentication SHA256 + auth-algo-sha384 Allow authentication SHA384 + enc-algo-3des Allow algorithm 3DES + enc-algo-aes-128-cbc Allow algorithm AES-128-CBC + enc-algo-aes-128-gcm Allow algorithm AES-128-GCM + enc-algo-aes-256-cbc Allow algorithm AES-256-CBC + enc-algo-aes-256-gcm Allow algorithm AES-256-GCM + enc-algo-rc4 Allow algorithm RC4 + keyxchg-algo-dhe Allow algorithm DHE + keyxchg-algo-ecdhe Allow algorithm ECDHE + keyxchg-algo-rsa Allow algorithm RSA + max-version max-version + min-version min-version</PRE> <P>&nbsp;</P> Mon, 22 May 2023 03:24:49 GMT PaulBrock 2023-05-22T03:24:49Z Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542850#M111179 <P>Hi All,</P> <P>I recently had a pen test return the following results:</P> <TABLE class="reportTable"> <TBODY class="cipher1Block"> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0xc030</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN></TD> <TD class="tableRight">256</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0xc02f</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN></TD> <TD class="tableRight">128</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0x9d</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0x9c</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_256_CBC_SHA256 (<CODE>0x3d</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_CBC_SHA256 (<CODE>0x3c</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (<CODE>0x9f</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN></TD> <TD class="tableRight">256</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><SPAN class="color-green">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (<CODE>0x9e</CODE>)</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN></TD> <TD class="tableRight">128</TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (<CODE>0xc014</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (<CODE>0xc013</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall">ECDH secp256r1 (eq. 3072 bits RSA) &nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_RSA_WITH_AES_128_CBC_SHA (<CODE>0x2f</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">128</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_DHE_RSA_WITH_AES_256_CBC_SHA (<CODE>0x39</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">256</FONT></TD> </TR> <TR class="tableRow"> <TD class="tableLeft"><FONT color="#F88017">TLS_DHE_RSA_WITH_AES_128_CBC_SHA (<CODE>0x33</CODE>) &nbsp;<SPAN>&nbsp;</SPAN><SPAN class="greySmall"><SPAN title="p: 256, g: 256, Ys: 256">DH 2048 bits</SPAN><SPAN>&nbsp;</SPAN>&nbsp; FS</SPAN><SPAN>&nbsp;</SPAN>&nbsp;<SPAN>&nbsp;</SPAN><STRONG>WEAK</STRONG></FONT></TD> <TD class="tableRight"><FONT color="#F88017">12</FONT></TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>which of the below cipher suites do I disable to comply ? (enc-algo-3des is already disabled), this is set on my global protect interface, will anything break <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <PRE class="ckeditor_codeblock">+ auth-algo-sha1 Allow authentication SHA1 + auth-algo-sha256 Allow authentication SHA256 + auth-algo-sha384 Allow authentication SHA384 + enc-algo-3des Allow algorithm 3DES + enc-algo-aes-128-cbc Allow algorithm AES-128-CBC + enc-algo-aes-128-gcm Allow algorithm AES-128-GCM + enc-algo-aes-256-cbc Allow algorithm AES-256-CBC + enc-algo-aes-256-gcm Allow algorithm AES-256-GCM + enc-algo-rc4 Allow algorithm RC4 + keyxchg-algo-dhe Allow algorithm DHE + keyxchg-algo-ecdhe Allow algorithm ECDHE + keyxchg-algo-rsa Allow algorithm RSA + max-version max-version + min-version min-version</PRE> <P>&nbsp;</P> Mon, 22 May 2023 03:24:49 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542850#M111179 PaulBrock 2023-05-22T03:24:49Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542911#M111186 <P>I assume you refer to GlobalProtect ciphers.</P> <P>To get A- score in SSLLabs test run following 4 commands (adjust template and profile name to match your environment)</P> <P>&nbsp;</P> <P>If config is managed inside firewall</P> <P>set shared ssl-tls-service-profile GlobalProtect protocol-settings auth-algo-sha1 no<BR />set shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-3des no<BR />set shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-rc4 no<BR />set shared ssl-tls-service-profile GlobalProtect protocol-settings keyxchg-algo-rsa no</P> <P>&nbsp;</P> <P>If config is pushed from Panorama<BR />set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings auth-algo-sha1 no<BR />set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-3des no<BR />set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings enc-algo-rc4 no<BR />set template Template-name config shared ssl-tls-service-profile GlobalProtect protocol-settings keyxchg-algo-rsa no</P> Mon, 22 May 2023 12:38:46 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542911#M111186 Raido_Rattameister 2023-05-22T12:38:46Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542914#M111187 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/46571">@PaulBrock</a>,</P> <P>I'd really suggest running through this on a non-production portal/gateway before actually making this change on your production portal/gateway ssl-tls-service-profile. While disabling weaker protocol settings generally doesn't cause any issues, I've also run into some very odd client configuration settings that would have broken things had we not tested it prior to making the change.</P> <P>&nbsp;</P> <LI-CODE lang="markup">set shared ssl-tls-service-profile GlobalProtect protocol-settings keyxchg-algo-rsa no set shared ssl-tls-service-profile GlobalProtect protocol-settings auth-algo-sha1 no </LI-CODE> <P>Replace "GlobalProtect" with whatever profile you're using.&nbsp;</P> Mon, 22 May 2023 12:40:36 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542914#M111187 BPry 2023-05-22T12:40:36Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542994#M111197 <P>Thank you so much, this is so helpful&nbsp;<span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P> <P>I wish that when I contacted support, rather than sending KBs they would simply answer like you have.</P> <P>&nbsp;</P> Tue, 23 May 2023 02:47:31 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/542994#M111197 PaulBrock 2023-05-23T02:47:31Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543081#M111215 <P>I would recommend the following settings as these will get you an A- on SSL Labs:</P> <P>&nbsp;</P> <P>set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings auth-algo-sha1 no<BR />set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings enc-algo-3des no<BR />set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings enc-algo-rc4 no<BR />set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings enc-algo-aes-128-cbc no<BR />set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings enc-algo-aes-256-cbc no<BR />set shared ssl-tls-service-profile &lt;SSL/TLS service profile name&gt; protocol-settings keyxchg-algo-rsa no</P> <P>&nbsp;</P> <P>It is very unfortunate that Palo Alto will not fix secure renegotiation as that would get you an A+.</P> <P>Also sendig the root certificate should be fixed by Palo Alto.</P> Tue, 23 May 2023 16:49:56 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543081#M111215 Han.Valk 2023-05-23T16:49:56Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543107#M111219 <P>Hi Han,</P> <P>You must have received the same report,<span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P> <P>the Pen testers&nbsp; flagged Weak ciphers,&nbsp;<SPAN>secure renegotiation, and also&nbsp;Information Disclosure</SPAN></P> <P>&nbsp;</P> <P><SPAN>With regard to Information disclosure:</SPAN></P> <P><SPAN>I don't suppose anyone knows how to turn off Palo Alto "Palo Alto GlobalProtect Gateway httpd"&nbsp;</SPAN></P> <P>&nbsp;</P> Tue, 23 May 2023 22:10:12 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543107#M111219 PaulBrock 2023-05-23T22:10:12Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543124#M111223 <P>Why would you want to turn off gateway access over https?</P> <P>It is needed for gateway functionality.</P> <P>&nbsp;</P> <P>GlobalProtect agent will try 3 times to connect over udp/4501 to establish IPSec tunnel but if it fails then it will fail back to SSL-VPN over tcp/443 (those are default ports numbers that can be changed).</P> <P>&nbsp;</P> Wed, 24 May 2023 02:15:45 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543124#M111223 Raido_Rattameister 2023-05-24T02:15:45Z Re: Which weak cipher suites for SSL/TLS to delete https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543128#M111224 <P>Hi Raido,</P> <P>sorry, I probably did not explain myself properly.</P> <P>I need to turn off Palo Alto disclosing information to a public scan.</P> <P>&nbsp;</P> <P>at the moment you can see the following information "<SPAN>Palo Alto GlobalProtect Gateway httpd"</SPAN></P> Wed, 24 May 2023 02:26:13 GMT https://live.paloaltonetworks.com/t5/general-topics/which-weak-cipher-suites-for-ssl-tls-to-delete/m-p/543128#M111224 PaulBrock 2023-05-24T02:26:13Z