Please refer to Supported Cipher Suites Compatibility Matrix to determine support for cipher suites according to PAN-OS® release and feature or function.
Fantastic. The addition of DHE/ECDHE ciphers should help a ton with decryption incompatabilities. More and more secure sites have only support those stronger ciphers in TLS1.2 connections, and modern browsers have issues downgrading to TLS1.1 where common ciphers may exist.
As I've found out recently, these new supported ECDHE cipher suites aren't supported with SSL Inbound Inspection, but only SSL Forward Proxy.
Palo have stated this in the decryption profile in small print under SSL Protocol settings, but some people I think would miss this.
Do we have/can we get an updated list for 8.0?
Any chance of fully supporting DHE/ECDHE ciphers?
wondering if we get any update on the ECDHE cipher support for inbound decryption?
We can only provide information on what is currently supported. Please reach out to a local sales team for information on future releases
::edit:: feel free to subscribe to this article (see dropdown options) as we will keep it updated with releases when they become available
Thank you Permalink
Does this also apply to HSM implementations for outbound inspection. Previous release notes state otherwise.
This article lists the supported cyphers for the firewall platform itself, limitations apply when using HSM as mentioned in the admin guide
Regarding the support of ECDHE for SSL Inbound Inspection, please refer to the following page for PAN-OS 8.0