topic Re: SSL decryption, which version of SSL is used ? in General Topics https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27964#M20406 <HTML><HEAD></HEAD><BODY><P>Hi Johan, </P><P></P><P>Please look at the following post</P><P><A class="" href="https://live.paloaltonetworks.com/message/16282#16282">https://live.paloaltonetworks.com/message/16282#16282</A></P><P></P><P>Let us know if this helps.</P><P></P><P>Thank you</P><P>Numan</P></BODY></HTML> Wed, 05 Dec 2012 21:36:10 GMT mbutt 2012-12-05T21:36:10Z SSL decryption, which version of SSL is used ? https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27963#M20405 <HTML><HEAD></HEAD><BODY><P>All,</P><P></P><P>We have implemented SSL decryption for a customer. The certificate used on the PA is the same as on the server.</P><P></P><P>Our systems are scanned weekly by Qualys. One of the vulnerability is the following:</P><P>1/ SSL Server has SSLv2 Enabled Vulnerability</P><P></P><P>Solution:</P><P>Disable SSLv2</P><P></P><P>2/ SSL Insecure Protocol negotiation weakness</P><P></P><P>Solution:</P><P>OpenSSL has released new versions to address this issue.</P><P></P><P>After some debugging we have the following result as in attachment.</P><P>Can we conclude that the PA is using SSLv2? And if so how can we change it (to use SSLv3 or TLS) to get rid of the above vulnerability?</P><P></P><P>rgds</P><P>Johan</P><P></P><P></P><P></P><P><BR /> </P></BODY></HTML> Wed, 05 Dec 2012 10:29:09 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27963#M20405 loosj 2012-12-05T10:29:09Z Re: SSL decryption, which version of SSL is used ? https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27964#M20406 <HTML><HEAD></HEAD><BODY><P>Hi Johan, </P><P></P><P>Please look at the following post</P><P><A class="" href="https://live.paloaltonetworks.com/message/16282#16282">https://live.paloaltonetworks.com/message/16282#16282</A></P><P></P><P>Let us know if this helps.</P><P></P><P>Thank you</P><P>Numan</P></BODY></HTML> Wed, 05 Dec 2012 21:36:10 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27964#M20406 mbutt 2012-12-05T21:36:10Z Re: SSL decryption, which version of SSL is used ? https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27965#M20407 <HTML><HEAD></HEAD><BODY><P>I've read this post, PAN is using openssl. But which version of SSL is the on the device, version 2 or 3 protocols ?</P><P></P><P>At this time openssl 1.0.1b is released.</P><P></P><P>rgds</P></BODY></HTML> Thu, 06 Dec 2012 09:08:35 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-which-version-of-ssl-is-used/m-p/27965#M20407 loosj 2012-12-06T09:08:35Z