08-07-2022 04:22 PM
Since I upgraded to the latest Fedora, all of my Python/Ansible scripts have failed when they are decrypted by our Palo Alto SSL outbound policy.
After some digging, Fedora 35 was using OpenSSL 1.1.1 and Fedora 36 switched to OpenSSL 3.0: https://fedoraproject.org/wiki/Changes/OpenSSL3.0
In the OpenSSL 3.0 changelog, we can find this:
OPENSSL changelog between 1.1.1 and 3.0.0 [7 sep 2021] contains:
* Support for RFC 5746 secure renegotiation is now required by default for SSL or TLS connections to succeed.
I found a post on Stack Overflow that explains how to re-enable insecure renegotiation as a quick fix. This won't be a good solution when all our devs are using Linux and Docker with OpenSSL 3.0 installed.
Is there a way to configure SSL decryption on the Palo Alto to enable secure renegotiation?