Last I heard it was still being targeted for 9.1**, but it wouldn't suprise me at all of this got pushed back to 10*. There's some really interesting papers you can find that speak in detail about the additional issues with TLS 1.3 and attempting to intercept that communication in a passive format.
*version names referenced are simply picked from historical release information.
**Inside Baseball (IE: Roadmap) discussions are strictly confidential and enforced through an NDA. The information presented in this post is non-official information and was not directly supplied by Palo Alto Networks or its employees.
Are there any current versions of PAN-OS that support secure renegotiation?
Inbound decryption SERVER-INITIATED Secure Renegotiation IS NOT supported.
Secure Renegotiatio---->Not supported ACTION NEEDED (more info)
Secure Client-Initiated Renegotiation---- >No
From palo alto side can to possible to configure support secure renegotiation
if it is feature request then can you please provide me FR number
Hi @Ghidini ,
There are actually 2 existing FRs for this feature:
FR ID: 8112 (support for secure renegotiation / inbound SSL decrypt and GlobalProtect )
FR ID: 18516 (Support for RFC 5746 )
Please reach out to your local SE and you can have your vote added to them.
You need to upgrade PANOS. Removing weak ciphers gives only A-
To get A+ you need to upgrade to PANOS that supports renegotiation.
PAN-184630 - Fixed an issue where TLS clients, such as those using OpenSSL 3.0, enforced the TLS renegotiation extension (RFC 5746).
You need to review 10.1.x release notes to see if renegotiation is fixed in any of it's versions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!