cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

Community Team Member

Hi @Moritz ,

 

Supported cipher suites will vary depending on your PAN-OS version.  What's your current version and how is your decryption profile configured ?

 

As an example, some earlier PAN-OS versions only supported DHE or ECDHE for SSL Forward Proxy (it wasn't not supported for Inbound Inspection). 

 

You might want to do some more debugging and check on which cipher suite client/server agree upon in the SSL handshake and compare that to the compatibility matrix to see if it's actually supported:

 

https://docs.paloaltonetworks.com/compatibility-matrix/supported-cipher-suites.html

 

Hope it helps

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
Who rated this post