https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135089#M47455 <P>If you are on a version post-7.0 then go into device tab and go to Certificate Management-SSL/TLS Service Profile and modify the Min Version to something not TLSv1.0.&nbsp;</P><P>Pre 7.0 code I'm not all that positive, maybe the same thing; I don't have anything running that old anymore.&nbsp;</P> Thu, 29 Dec 2016 21:24:13 GMT BPry 2016-12-29T21:24:13Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/134985#M47434 <P>How I can disable TLSv1.0 support from Gateway IP address? Security scan reporting that TLSv1.0 is enabled.</P><P>&nbsp;</P><P>In SSL/TLS Service Profile Min Version is&nbsp;TLSv1.2 and Max Version in Max.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 29 Dec 2016 13:23:02 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/134985#M47434 ToniE 2016-12-29T13:23:02Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135015#M47441 <P>Hello,</P><P>I dont recall a specific place where this can be done on the PAN. It is usually done automatically with code upgrades. What version of code are you running? Check the release notes for versions that are newer than yours and see if these have been disabled.</P><P>&nbsp;</P><P>Hope this helps.</P> Thu, 29 Dec 2016 15:49:07 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135015#M47441 OtakarKlier 2016-12-29T15:49:07Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135089#M47455 <P>If you are on a version post-7.0 then go into device tab and go to Certificate Management-SSL/TLS Service Profile and modify the Min Version to something not TLSv1.0.&nbsp;</P><P>Pre 7.0 code I'm not all that positive, maybe the same thing; I don't have anything running that old anymore.&nbsp;</P> Thu, 29 Dec 2016 21:24:13 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135089#M47455 BPry 2016-12-29T21:24:13Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135146#M47465 <P>Hi,</P><P>&nbsp;</P><P>Version is 7.1.4-h2</P><P>&nbsp;</P><P>SSL/TLS Service Profile is already Min. 1.2 but security scan keep telling that 1.0 is enabled <span class="lia-unicode-emoji" title=":neutral_face:">😐</span></P><P>&nbsp;</P><P>br</P><P>Toni</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 30 Dec 2016 07:23:55 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135146#M47465 ToniE 2016-12-30T07:23:55Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135636#M47531 <P>Try checking your&nbsp;GP portal SSL protocols supported with a different tool (like the one in the link) if it's still showing up as tlsv1.0 open a TAC case.</P><P><A href="https://www.ssllabs.com/ssltest/" target="_blank">https://www.ssllabs.com/ssltest/</A></P> Tue, 03 Jan 2017 21:34:58 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135636#M47531 glastra1 2017-01-03T21:34:58Z https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135913#M47559 <P>Hi,</P><P>&nbsp;</P><P>In this test phase we only have IP addresses in use so can't do that ssltest.</P><P>&nbsp;</P><P>But it was Qualy's scan in first place which report this TLSv.1.0 issue so maybe I open TAC case.</P><P>&nbsp;</P><P>thanks</P><P>Toni</P> Thu, 05 Jan 2017 07:40:36 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-disable-ssl-tls-server-supports-tlsv1-0-in-global-protect/m-p/135913#M47559 ToniE 2017-01-05T07:40:36Z