https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-the-use-of-ssl-compression-on-http-tls-interfaces/m-p/16942#M12347 <HTML><HEAD></HEAD><BODY><P>Dear All,</P><P></P><P></P><P>Please help me on this issue. The IT Security Audit team has scanned the PaloAlto Firewall PA-2050 and they found this vulnerability:</P><P></P><P></P><P>*********************************************************************************************************</P><P>62565 (1) - TLS CRIME Vulnerability</P><P></P><P>Synopsis:</P><P>The remote service has a configuration that may make it vulnerable to the CRIME attack.</P><P></P><P>Description:</P><P>The remote service has one of two configurations that are known to be required for the CRIME attack:</P><P>- SSL / TLS compression is enabled.</P><P>- TLS advertises the SPDY protocol earlier than version 4.</P><P></P><P>Solution:</P><P>Disable compression and / or the SPDY service.</P><P></P><P>Risk Factor:</P><P>Medium</P><P>*********************************************************************************************************</P><P></P><P></P><P>According to the document from PaloAlto "PAN-OS 5.0.3: Release Notes &gt; Addressed Issues"&nbsp; there is: </P><P>47813 -- Made a change to disable the use of SSL compression on HTTP-TLS interfaces on the device. </P><P></P><P></P><P>So, How can we disable this SSL compression?</P><P></P><P></P><P>Regards,</P><P>Aniz</P></BODY></HTML> Tue, 03 Dec 2013 13:47:11 GMT aniz.mohammed@futuretec.com.kw 2013-12-03T13:47:11Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-the-use-of-ssl-compression-on-http-tls-interfaces/m-p/16942#M12347 <HTML><HEAD></HEAD><BODY><P>Dear All,</P><P></P><P></P><P>Please help me on this issue. The IT Security Audit team has scanned the PaloAlto Firewall PA-2050 and they found this vulnerability:</P><P></P><P></P><P>*********************************************************************************************************</P><P>62565 (1) - TLS CRIME Vulnerability</P><P></P><P>Synopsis:</P><P>The remote service has a configuration that may make it vulnerable to the CRIME attack.</P><P></P><P>Description:</P><P>The remote service has one of two configurations that are known to be required for the CRIME attack:</P><P>- SSL / TLS compression is enabled.</P><P>- TLS advertises the SPDY protocol earlier than version 4.</P><P></P><P>Solution:</P><P>Disable compression and / or the SPDY service.</P><P></P><P>Risk Factor:</P><P>Medium</P><P>*********************************************************************************************************</P><P></P><P></P><P>According to the document from PaloAlto "PAN-OS 5.0.3: Release Notes &gt; Addressed Issues"&nbsp; there is: </P><P>47813 -- Made a change to disable the use of SSL compression on HTTP-TLS interfaces on the device. </P><P></P><P></P><P>So, How can we disable this SSL compression?</P><P></P><P></P><P>Regards,</P><P>Aniz</P></BODY></HTML> Tue, 03 Dec 2013 13:47:11 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-the-use-of-ssl-compression-on-http-tls-interfaces/m-p/16942#M12347 aniz.mohammed@futuretec.com.kw 2013-12-03T13:47:11Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-the-use-of-ssl-compression-on-http-tls-interfaces/m-p/16943#M12348 <HTML><HEAD></HEAD><BODY><P>Hello Aniz,</P><P></P><P>SPDY feature can be disabled in Chrome's browser properties.</P><P></P><P>Please refer the following document:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3496">Chrome Version 21 Unable to Make SSL Connections to google.com Destinations</A></P><P></P><P>Let me know if that helps you!</P><P></P><P></P><P>Thanks and regards,<BR />Kunal Adak</P></BODY></HTML> Wed, 04 Dec 2013 01:09:25 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-the-use-of-ssl-compression-on-http-tls-interfaces/m-p/16943#M12348 kadak 2013-12-04T01:09:25Z