Hi @Moritz ,
Supported cipher suites will vary depending on your PAN-OS version. What's your current version and how is your decryption profile configured ?
As an example, some earlier PAN-OS versions only supported DHE or ECDHE for SSL Forward Proxy (it wasn't not supported for Inbound Inspection).
You might want to do some more debugging and check on which cipher suite client/server agree upon in the SSL handshake and compare that to the compatibility matrix to see if it's actually supported:
Hope it helps