12-05-2012 02:29 AM
All,
We have implemented SSL decryption for a customer. The certificate used on the PA is the same as on the server.
Our systems are scanned weekly by Qualys. One of the vulnerability is the following:
1/ SSL Server has SSLv2 Enabled Vulnerability
Solution:
Disable SSLv2
2/ SSL Insecure Protocol negotiation weakness
Solution:
OpenSSL has released new versions to address this issue.
After some debugging we have the following result as in attachment.
Can we conclude that the PA is using SSLv2? And if so how can we change it (to use SSLv3 or TLS) to get rid of the above vulnerability?
rgds
Johan
12-05-2012 01:36 PM
Hi Johan,
Please look at the following post
https://live.paloaltonetworks.com/message/16282#16282
Let us know if this helps.
Thank you
Numan
12-06-2012 01:08 AM
I've read this post, PAN is using openssl. But which version of SSL is the on the device, version 2 or 3 protocols ?
At this time openssl 1.0.1b is released.
rgds
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
