SSL decryption, which version of SSL is used?


All,

We have implemented SSL decryption for a customer. The certificate used on the PA is the same as on the server.

Our systems are scanned weekly by Qualys. One of the vulnerabilities is the following:

1/ SSL Server has SSLv2 Enabled Vulnerability

Solution:

Disable SSLv2

2/ SSL Insecure Protocol negotiation weakness

Solution:

OpenSSL has released new versions to address this issue.

After some debugging we have the following result as in attachment.

Can we conclude that the PA is using SSLv2? And if so how can we change it (to use SSLv3 or TLS) to get rid of the above vulnerability?

rgds

Johan



Hi Johan,

Please look at the following post

https://live.paloaltonetworks.com/message/16282#16282

Let us know if this helps.

Thank you

Numan

I've read this post, PAN is using openssl. But which version of SSL is on the device, version 2 or 3 protocols?

At this time openssl 1.0.1b is released.

rgds
