SSL Vulnerability Non-Detection Behavior is Seen when Inbound SSL Decryption Policy is Set

Created On 09/26/18 13:44 PM - Last Modified 07/19/22 23:08 PM


Resolution


Issue

When a normal security policy (in either a single-VSYS or a multi-VSYS deployment) is configured together with an Inbound SSL Decryption policy, the vulnerability security profile fails to detect SSL-related vulnerabilities.

 

Cause

After inbound SSL decryption is set, the threat engine sees only the decrypted data and never gets to inspect the SSL version number (SSL 3.0) carried in the SSL handshake Hello packets. As a result, the SSL v3 vulnerability is not identified in this configuration.
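As an added illustration (not part of this article or of PAN-OS), the following Python parser shows where the version that an SSL v3 signature matches on actually sits: in the cleartext Hello handshake record. Once inbound decryption strips the record layer, only decrypted application data reaches the inspection engine and there is no version field left to match. The sample records are constructed inline, not captured traffic.

```python
import struct

SSL3_VERSION = (3, 0)          # wire encoding 0x0300
HANDSHAKE_RECORD = 0x16        # content type of a Handshake record
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}

def parse_hello_version(record: bytes):
    """Return (hello_name, record_version, hello_version) for a raw SSL/TLS
    Hello record, or None when the bytes are not a complete Hello record.
    hello_version is what an SSL v3 signature keys on; it exists only in the
    cleartext handshake, never in decrypted application data."""
    if len(record) < 11:
        return None
    content_type, rec_major, rec_minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != HANDSHAKE_RECORD or len(record) < 5 + rec_len:
        return None                      # not a handshake record, or truncated
    hs_type = record[5]
    hs_len = int.from_bytes(record[6:9], "big")
    if hs_type not in HELLO_TYPES or 4 + hs_len > rec_len:
        return None
    return HELLO_TYPES[hs_type], (rec_major, rec_minor), (record[9], record[10])

def is_sslv3_hello(record: bytes) -> bool:
    """True when the Hello announces SSL 3.0, the case the article's signature covers."""
    parsed = parse_hello_version(record)
    return parsed is not None and parsed[2] == SSL3_VERSION

def build_client_hello(record_version, hello_version):
    """Construct a minimal ClientHello (constructed test data, not a real capture)."""
    body = (bytes(hello_version) + b"\x00" * 32   # version + 32-byte random
            + b"\x00"                             # empty session id
            + b"\x00\x02\x00\x2f"                 # one cipher suite
            + b"\x01\x00")                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE_RECORD, *record_version]) + len(handshake).to_bytes(2, "big") + handshake

# Constructed samples: what the engine sees before and after inbound decryption.
SSLV3_CLIENT_HELLO = build_client_hello((3, 0), (3, 0))
TLS12_CLIENT_HELLO = build_client_hello((3, 1), (3, 3))
DECRYPTED_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("sslv3", SSLV3_CLIENT_HELLO), ("tls12", TLS12_CLIENT_HELLO),
                         ("decrypted", DECRYPTED_PAYLOAD)]:
        print(name, parse_hello_version(sample), "SSLv3 hit:", is_sslv3_hello(sample))
```

The decrypted sample returns None: with the handshake gone, a version-based check has nothing to inspect, which is the non-detection the article describes.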

 

Details

The vulnerabilities listed below apply to this scenario:

 

Workaround

Deactivate the inbound SSL decryption policy by following the steps below:

  1. From the WebGUI, go to Policies and click Decryption in the left-side menu.
  2. Select the specific “Inbound SSL Decryption Policy”.
  3. Click the Disable button.
  4. Commit.

 

owner: khogi

 

 



    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmNCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail