SSL routines::unsafe legacy renegotiation disabled

L2 Linker

Hi,

 

We are getting an increasing number of users reporting issues connecting through the Palo Altos when using OpenSSL3. Here is the information I have:

"We've got someone working on moving to Node-18 from 14. We're getting issues in the build pipeline where OpenSSL3 is failing to connect through the proxy. We get the error unsafe legacy renegotiation disabled - google says the proxy box needs to support RFC 5746. Is there any information on the proxy box and who manages it so we can investigate/come up with a workaround?"


And

"We have reproduced this issue while working to build new ADO agent images - Ubuntu 22.04's version of openssl3 also blocks all outbound ssl connections with the same error:
$ curl https://google.com
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
We obviously do not wish to enable the UnsafeLegacyRenegotiation option."

I see this has also been reported on the Palo Alto forums at https://live.paloaltonetworks.com/t5/globalprotect-discussions/rfc5746-issue-with-ssl-decryption-ope....

Is there a solution to this issue please?
Thanks,

 

(not sure if this is the right board-please redirect if not-thanks)
