This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Secure Renegotiation in PANOS 9x?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure Renegotiation in PANOS 9x?

Go to solution
richardhicks
L0 Member

‎04-04-2019 04:31 PM - edited ‎04-04-2019 04:31 PM

I'm seeing some posts stating that Secure Renegotiation is not supported on the Palo Alto platform. Is this still true for the latest release, v9.x? If so, how is it enabled? 

3 people had this problem.
0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
vsys_remo
Cyber Elite
Cyber Elite
In response to richardhicks

‎04-06-2019 12:00 PM - edited ‎04-07-2019 04:26 AM

Hi @richardhicks 

 

At least on a global protect portal website secure renegotiation is still not supported ... so I assume this also applies to inbound decryption.

 

@BPry 

What do you think when TLS1.3 support will be added? I would saysomewhere in 2021 😛 (with PAN-OS 10?)

View solution in original post

0 Likes Likes
7 REPLIES 7

Go to solution
BPry
Cyber Elite
Cyber Elite

‎04-05-2019 12:58 PM

@richardhicks,

I'm fairly certain that TLS Renegotiation was fixed in an update to 6.0, so it's been available for a while. Regardless renegotiation is dying anyways; TLS 1.3 removes it completely. 

0 Likes Likes

Go to solution
richardhicks
L0 Member
In response to BPry

‎04-05-2019 01:43 PM

Good to hear. So how to enable it? I'm certainly glad that TLS 1.3 eliminates it, but my customer has TLS 1.2 at the moment and need to elminate this audit finding. 🙂

0 Likes Likes

Go to solution
vsys_remo
Cyber Elite
Cyber Elite
In response to richardhicks

‎04-06-2019 12:00 PM - edited ‎04-07-2019 04:26 AM

Hi @richardhicks 

 

At least on a global protect portal website secure renegotiation is still not supported ... so I assume this also applies to inbound decryption.

 

@BPry 

What do you think when TLS1.3 support will be added? I would saysomewhere in 2021 😛 (with PAN-OS 10?)

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to vsys_remo

‎04-06-2019 06:21 PM

@vsys_remo,

Last I heard it was still being targeted for 9.1**, but it wouldn't suprise me at all of this got pushed back to 10*. There's some really interesting papers you can find that speak in detail about the additional issues with TLS 1.3 and attempting to intercept that communication in a passive format. 

 

 

*version names referenced are simply picked from historical release information.

**Inside Baseball (IE: Roadmap) discussions are strictly confidential and enforced through an NDA. The information presented in this post is non-official information and was not directly supplied by Palo Alto Networks or its employees. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks