TLS version used by PA for SSL Communication

Reply
Highlighted
L0 Member

TLS version used by PA for SSL Communication

Hi all,

 

Can anybody please confirm if the latest PAN OS 8.0 still uses TLSv1.0 for handshake during SSL communication? Is there a way we can configure Palo-Alto to use TLSv1.1 or 1.2?

 

I have a HTTP server running services on 443 which supports minimum TLSv1.1 for SSL communication. I am trying to forward threat logs from PA FW using HTTP log forwarding profile. I did a packet capture, and it seems like Palo-Alto is making the handshake using TLSv1.0 and it fails as the HTTP server rejects the request.

 

The SSL/TLS Service Profile allows you to select the min protocol version for TLS, but I believe that is for incoming SSL communication request from a client.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!