12-03-2013 05:47 AM
Dear All,
Please help me on this issue. The IT Security Audit team has scanned the PaloAlto Firewall PA-2050 and they found this vulnerability:
*********************************************************************************************************
62565 (1) - TLS CRIME Vulnerability
Synopsis:
The remote service has a configuration that may make it vulnerable to the CRIME attack.
Description:
The remote service has one of two configurations that are known to be required for the CRIME attack:
- SSL / TLS compression is enabled.
- TLS advertises the SPDY protocol earlier than version 4.
Solution:
Disable compression and / or the SPDY service.
Risk Factor:
Medium
*********************************************************************************************************
According to the document from PaloAlto "PAN-OS 5.0.3: Release Notes > Addressed Issues" there is:
47813 -- Made a change to disable the use of SSL compression on HTTP-TLS interfaces on the device.
So, How can we disable this SSL compression?
Regards,
Aniz
12-03-2013 05:09 PM
Hello Aniz,
SPDY feature can be disabled in Chrome's browser properties.
Please refer the following document:
Chrome Version 21 Unable to Make SSL Connections to google.com Destinations
Let me know if that helps you!
Thanks and regards,
Kunal Adak
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
