SSL Decryption Woes


ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Cyber Elite

Still don't have an answer from TAC.

L1 Bithead

Slightly OT, what kind of traffic do you manage to require 3050s instead of 3020s for 1K users?

Cyber Elite

Bug ID 83524 -


Has been documented for sites with unsupported cipher suites still not being accessible when configured to not block unsupported cipher suites.


The current work around is to bypass URLs as they come.  As of this date 8 Sep 15, this bug still isn't resolved in 7.0.2, though operability with other ciphers might be better the bug isn't officially resolved in 7.0.2.

L3 Networker

I asked a Palo Alto representative about this a few months back, and support for TLS_ECDHE_RSA and TLS_DHE_RSA was planned to be implemented sometime in the first half of 2016.


Could be coming in PANOS 8?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!