Who Me Too'd this topic

Who Me Too'd this topic

L0 Member

PAN-OS GP SSL Cipher Selection

PAN-OS 8.1 seems to lack the capability to perform fine-grained configuration of cipher suite selection and prioritization for GlobalProtect VPN functions.

 

I ran a fairly detailed SSL functionality assessment on a configured TLS v1.2-only GP gateway and found that RSA encryption-based ciphers are selected by default by all simulated clients. This was a bigger concern previously due to ROBOT (CVE-2017-17841 for PAN-OS, patched in PAN-OS 8.0.7), but there's also the fact that RSA encryption-based ciphers don’t provide perfect forward secrecy. My assessment yields the following ciphers, in order of the PAN FW’s preference:

 

AES256-GCM-SHA384

AES128-GCM-SHA256

AES256-SHA256

AES128-SHA256

AES128-SHA

ECDHE-RSA-AES256-SHA

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-GCM-SHA256

 

Highlighted are the RSA encryption-based ciphers. For some reason, they’re A) being used at all and B) prioritized over other PFS-capable cipher options. Any TLS v1.2-capable client is by definition capable of communicating using PFS-capable cipher suites, so this ordering is surprising.

 

Cryptographic best practices (as of now) would dictate the following order:

 

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-SHA

ECDHE-RSA-AES128-SHA

AES256-GCM-SHA384

AES128-GCM-SHA256

AES256-SHA256

AES128-SHA256

AES128-SHA

 

Even better, best practices-wise, would be to omit the highlighted options entirely. Ideally, the combination and priority of cipher suites offered to the client would be configurable on the FW itself. Currently, only the TLS version is configurable.

 

(Minorly edited copy-paste of my conversation with a channel engineer.)

Who Me Too'd this topic