Since upgrading to Palo Alto Networks 4.1, we often have warnings in several Firefox and Thunderbird clients.
Then we get the error message "ssl_error_rx_unexpected_new_session_ticket".
This example is from Thunderbird:
Additionally, the behaviour of the firewall in leaving some SSL communication undecrypted - for instance: on the first click https://www.anyside.de/index.html will be decrypted, the second click on https://www.anyside.de/anydoc.html will not - is a bit disturbing.
First I tried to disable Device -> Setup -> Server CRL/OCSP Settings.
This works a bit. Now the SSL-encrypted websites are mostly decrypted continuously.
With some rare exceptions: if we get an error message like this here
I get an undecrypted website next, if I click "Nochmals versuchen".
Next I will try your suggestion.
We can see another strange behaviour by the firewall, which points in the same direction:
Especially when using the Firefox browser, the third or fifth reload of an SSL-encrypted website will be left undecrypted by the firewall. You simply have to click "reload" several times on any SSL website.
Very strange behaviour by a security device.
Your device is obviously malfunctioning for some reason.
Did you file this as a bug report and what did the support tell you?
A similar event regarding 2000-boxes and SSL was in spring 2010 (3.0/3.1.something), where the SSL engine failed in the mgmtplane, which gave all sorts of funny results (because the MITM cert is created on the fly by the mgmtplane and then cached in the dataplane, if I'm not mistaken). That bug was fixed a few weeks later after being reported (and debugged).