How to disable ssl v3 on vpn web page?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to disable ssl v3 on vpn web page?

L3 Networker

scanned the PA webserver we use for our VPN portal with qualys ssl scanner. Got a grade of F. Suggested to disable ....

 

  • Diffie-Hellman (DH) key exchange
  • 512-bit export suites
  • Ssl v2 and v3

how can I go about doing this?

3 REPLIES 3

Not applicable

Hi Choff,

According to me, there isn't any option for disabling DH key exchange and 512-bit suites. You can only avoid using them. However, if you have configured IPSEC VPN, you would have to use any one of the DH group while choosing your IKE proposals.

Also, there is no option to disable SSLV2 AND V3, but due to issues related to CVE-2015-0204, our firewall stopped supporting SSLV3 from 6.0.8 and 6.1.2.

Hope this is helpful.

Regards,

Ramya

L6 Presenter

Hi Choffr,

You can not disable any encryption algorithm on PANW firewall. You can either disable on client or server.

You can block it via custom application/signature, but its not going to help. Because client will keep on try to connect on those algorithms which will result in failure attempts.

Regards,

Hardik Shah

L4 Transporter

Hi Choffr,

I am agree with Hardik.

tnx

Satish

  • 2931 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!