About aniz.mohammed@futuretec.com.kw

‎05-07-2017

since

L0 Member

1
Post
0
Likes
0
Solutions
May 07, 2017
Last Visited

User Activity

User Profile

Latest posts by aniz.mohammed@futuretec.com.kw

Subject

Views

Posted

How to disable the use of SSL compression on HTTP-TLS interfaces on the device.

5113

‎12-03-2013 05:47 AM

User Badges

Community Statistics

Member Since	‎04-03-2012 01:22 AM
Date Last Visited	‎05-07-2017 01:15 PM
Posts	1

Dear All, Please help me on this issue. The IT Security Audit team has scanned the PaloAlto Firewall PA-2050 and they found this vulnerability: ********************************************************************************************************* 62565 (1) - TLS CRIME Vulnerability Synopsis: The remote service has a configuration that may make it vulnerable to the CRIME attack. Description: The remote service has one of two configurations that are known to be required for the CRIME attack: - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Solution: Disable compression and / or the SPDY service. Risk Factor: Medium ********************************************************************************************************* According to the document from PaloAlto "PAN-OS 5.0.3: Release Notes > Addressed Issues" there is: 47813 -- Made a change to disable the use of SSL compression on HTTP-TLS interfaces on the device. So, How can we disable this SSL compression? Regards, Aniz