This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Yusuke_Tahara
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Yusuke_Tahara
09-29-2023
4Posts
2Likes
0Solutions
Sep 29, 2023Last Visited
User
Activity
User
Profile
Latest posts by Yusuke_Tahara
| Subject | Views | Posted |
|---|---|---|
| 8495 | 09-09-2020 03:55 PM | |
| 8637 | 09-09-2020 02:17 PM | |
| 20747 | 07-21-2020 08:31 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-09-2020 02:17 PM | |
| 1 Like | 09-09-2020 03:55 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 2 Likes | |||
| 2 Likes | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 06-04-2015 12:41 PM |
| Date Last Visited | 09-29-2023 07:53 PM |
| Posts | 4 |
| Total Likes Received | 2 |
09-09-2020
03:55 PM
1 Kudo
So it's bad enough that the web server chooses a weak Cipher Suite that is not supported by HTTP/2, but don't think paloalto should also backport to PANOS 9.x as soon as possible, because they have solution for their product. There are probably other HTTP/2-related problems, so users who give up and downgrade HTTP/2 are not getting the benefit of HTTP/2 for SSL decryption. So I think everyone who is affected should contact the TAC for this and raise a request for improvement. I think if paloalto can get a lot of user feedback, their priority will be higher. Of course, getting people to "like" these comments might help somewhat, too.
... View more
09-09-2020
02:17 PM
1 Kudo
@kalolu @TyronF I don't know if it's the same event, but I've previously received the following response from Palo Alto support, so I'll just state it as it is I have not checked this way to see if the sites noted will be able to connect, and I have downgraded and used HTTP/2 by disabling ALPN. Therefore, if you have implemented the following solution, I would be happy to let you know here. === When a Client Hello is sent from the client, PANOS receives this Client Hello and sends it to Send to the web server. When PANOS sends the Client Hello, it inserts a Cipher Suite, depending on the settings in the decryption profile, and sends it to the WEB server. The web server receives the Client Hello sent by PANOS and inserts the Responds to Cipher Suite in the order in which it is presented, with the Cipher Suite supported by the web server. However, it should have responded with the highest-strength Cipher Suite. Because the web server responded in the order in which the Cipher Suite was presented, RFC 7540 for HTTP/2 "9.2.2. TLS 1.2 Cipher Suites" used a low strength Cipher Suite that should not be used. As a result, we received a Server Hello sent from the web server and the client received a FIN The packet was sent and the traffic was terminated. Therefore, we have determined that it is a server/client browser issue. Based on the above, we would like to provide two solutions: 1. In the decryption profile settings, please try to use Cipher Suite (registered in RFC 7040) Exclude "Appendix A. TLS 1.2 Cipher Suite Black List" 2. use PANOS 10 or higher (In PANOS 10.0, the order in which Cipher Suite is presented has been changed.)
... View more
07-21-2020
08:31 PM
Prisma Accessのアクティベート方法が変わっているので、こちらを反映していただけないでしょうか? https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/license-prisma-access/activate-and-install-prisma-access.html
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-29-2023
07:53 PM
|
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks