How to disable ssl v3 on vpn web page?

L3 Networker

How to disable ssl v3 on vpn web page?

scanned the PA webserver we use for our VPN portal with qualys ssl scanner. Got a grade of F. Suggested to disable ....

 

  • Diffie-Hellman (DH) key exchange
  • 512-bit export suites
  • Ssl v2 and v3

how can I go about doing this?

Tags (1)
Not applicable

Re: How to disable ssl v3 on vpn web page?

Hi Choff,

According to me, there isn't any option for disabling DH key exchange and 512-bit suites. You can only avoid using them. However, if you have configured IPSEC VPN, you would have to use any one of the DH group while choosing your IKE proposals.

Also, there is no option to disable SSLV2 AND V3, but due to issues related to CVE-2015-0204, our firewall stopped supporting SSLV3 from 6.0.8 and 6.1.2.

Hope this is helpful.

Regards,

Ramya

L6 Presenter

Re: How to disable ssl v3 on vpn web page?

Hi Choffr,

You can not disable any encryption algorithm on PANW firewall. You can either disable on client or server.

You can block it via custom application/signature, but its not going to help. Because client will keep on try to connect on those algorithms which will result in failure attempts.

Regards,

Hardik Shah

Highlighted
L4 Transporter

Re: How to disable ssl v3 on vpn web page?

Hi Choffr,

I am agree with Hardik.

tnx

Satish

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!