This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SSL Decryption bug in PAN-OS 9.1.14

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

SSL Decryption bug in PAN-OS 9.1.14

Go to solution
LAS
L2 Linker

‎05-23-2022 10:58 AM

I recently upgraded from panos 9.1.13-h3 to 9.1.14 then SSL decryption stopped working, in the traffic monitor there wasn't any decryption error but when i excluded a PC the internet worked


and it seams other people are also having the same issue (Reddit ), but its not in the known issue list until now


so i had to revert to the previous version and its working now fine

0 Likes Likes
22 REPLIES 22

Go to solution
jpan123
L1 Bithead
In response to N2Z2

‎06-14-2022 07:34 AM

Not working to me. 😞

0 Likes Likes

Go to solution
jpan123
L1 Bithead
In response to N2Z2

‎06-14-2022 09:17 AM

Any recommendation that I can try?

0 Likes Likes

Go to solution
LAYER_8
L5 Sessionator
In response to jpan123

‎06-14-2022 09:25 AM

Have you both enabled strip ALPN?

Help the community! Add tags and mark solutions please.
0 Likes Likes

Go to solution
N2Z2
L2 Linker

‎06-14-2022 09:29 AM

In my case yes

0 Likes Likes

Go to solution
jpan123
L1 Bithead
In response to LAYER_8

‎06-14-2022 09:36 AM

What do you mean both enabled?

0 Likes Likes

Go to solution
LAYER_8
L5 Sessionator
In response to jpan123

‎06-14-2022 09:39 AM

SSL forward proxy settings, follow this guide. Strip ALPN is the known-good workaround for this bug. 

Help the community! Add tags and mark solutions please.
0 Likes Likes

Go to solution
jpan123
L1 Bithead
In response to LAYER_8

‎06-14-2022 09:43 AM

Did disable globally?

0 Likes Likes

Go to solution
LAYER_8
L5 Sessionator
In response to jpan123

‎06-14-2022 09:59 AM

You will still be decrypting traffic. 

 

Strip ALPN just downgrades HTTP/2 to HTTP/1 globally. 

Help the community! Add tags and mark solutions please.
0 Likes Likes
  • 9940 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks