SSL Inbound Inspection failed due to unsupported Signature Hash Algorithm

Created On 07/24/19 01:26 AM - Last Modified 11/17/22 06:59 AM


Symptom


SSL Inbound Inspection fails when a client opens the web page in Google Chrome, but works fine in Internet Explorer.
Logs collected with Flow basic, SSL basic and Proxy basic show the following:

debug: pan_ssl3_process_handshake_msg(pan_ssl3.c:1087): receive handshake 12 ServerKeyExchange length 361 st 0x8000000030d67580 client
debug: pan_ssl3_client_process_handshake(pan_ssl_client.c:1231): st 0x8000000030d67580 write_state 0 type=12
debug: pan_ssl3_client_get_server_key_exchange(pan_ssl_client.c:704): get server key exchange
debug: pan_ssl_verify_key_xchg_sig(pan_ssl_client.c:639): signature type 4 hash type, 8 <<<<<<<<<<<<<<
debug: pan_ssl_verify_key_xchg_sig(pan_ssl_client.c:642): pan_pki_ssl_sig_id_to_type(4) <<<<<<<<<<<<<<
debug: pan_ssl3_client_get_server_key_exchange(pan_ssl_client.c:728): pan_tls12_verify_key_xchg_sig() failed <<<<<<<<<<<<<< 
debug: pan_ssl3_client_process_handshake(pan_ssl_client.c:1302): pan_ssl3_client_get_server_key_exchange() ret=-1
Error: pan_ssl_proxy_handle_rt_hs(pan_ssl_proxy.c:242): pan_ssl3_process_handshake_msg() failed -1
Error: pan_ssl_proxy_parse_data(pan_ssl_proxy.c:574): pan_ssl_proxy_handle_partial_record() failed <<<<<<<<<<<<<<

These 3 highlighted logs indicate the following:
  • Signature type 4 is Unknown
  • Hash type 4 is Unknown


Environment


  • A website is hosted on an Apache or IIS server.
  • Clients on the internet access the web page through a PAN firewall that is performing SSL Inbound Inspection.

 



Cause


The Client Hello messages generated by Google Chrome and Internet Explorer offer different signature algorithms to the server.
The signature algorithm that Google Chrome offers, and that the server then selects for the session, is not supported on PAN.
You can see this in the Client Hello packet details and in the details of the Server Key Exchange packet.
 
  • On Internet Explorer
Signature Algorithm: rsa_pkcs1_sha256 (0x0401) <<<< works fine and supported on PAN.
Hash: SHA256
Signature: RSA

Client Hello from Internet Explorer
 
  • On Google Chrome
Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) <<<<< not supported on PAN.
Hash: Unknown
Signature: Unknown

Client Hello from Google Chrome
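
The difference between the two code points, as an added example that is not part of the original article or of PAN-OS: it splits the 2-byte value into the TLS 1.2 hash and signature bytes (which is why 0x0804 appears as signature type 4, hash type 8 and decodes to "Unknown") and reads it from a constructed ECDHE ServerKeyExchange body. The helper names, the secp384r1 curve and the 256-byte signature are assumptions, chosen so the sample body is 361 bytes like the one in the log.

```python
import struct

# RFC 5246 (TLS 1.2) registries: the code point is read as hash byte, then signature byte.
TLS12_HASH = {0: "none", 1: "MD5", 2: "SHA1", 3: "SHA224", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
TLS12_SIG = {0: "anonymous", 1: "RSA", 2: "DSA", 3: "ECDSA"}
# RFC 8446 section 4.2.3 SignatureScheme names for the RSA code points.
SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}

def decode_sigalg(code):
    """Decode a 2-byte signature algorithm both ways: TLS 1.2 split and RFC 8446 name."""
    hash_id, sig_id = code >> 8, code & 0xFF
    name = SCHEMES.get(code, "unknown")
    return {
        "code": f"0x{code:04x}", "scheme": name,
        "hash_id": hash_id, "hash": TLS12_HASH.get(hash_id, "Unknown"),
        "sig_id": sig_id, "signature": TLS12_SIG.get(sig_id, "Unknown"),
        "pss": name.startswith("rsa_pss_"),
    }

def ske_sigalg(body):
    """Return the signature algorithm code from a TLS 1.2 ECDHE ServerKeyExchange body."""
    curve_type, _named_curve, point_len = struct.unpack_from("!BHB", body, 0)
    if curve_type != 3:  # 3 = named_curve, the only form handled here
        raise ValueError("not a named_curve ECDHE ServerKeyExchange")
    offset = 4 + point_len
    if len(body) < offset + 4:
        raise ValueError("truncated ServerKeyExchange")
    code, sig_len = struct.unpack_from("!HH", body, offset)
    if len(body) != offset + 4 + sig_len:
        raise ValueError("signature length does not match body length")
    return code

def build_ske(code, named_curve=0x0018, point_len=97, sig_len=256):
    """Constructed sample body: zero-filled EC point and signature (assumed sizes)."""
    header = struct.pack("!BHB", 3, named_curve, point_len)
    return header + bytes(point_len) + struct.pack("!HH", code, sig_len) + bytes(sig_len)

if __name__ == "__main__":
    for label, code in (("Internet Explorer", 0x0401), ("Google Chrome", 0x0804)):
        info = decode_sigalg(ske_sigalg(build_ske(code)))
        print(f"{label}: {info}")
```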


Resolution


As of now, the signature algorithm "rsa_pss_rsae_sha256", like any other "pss" signature algorithm, is not yet supported in the PAN-OS 9.1 branch.
For now, if possible, the server team can disable this signature algorithm on the server.
Otherwise, consider upgrading to the PAN-OS 10.1 branch, which supports "pss" signature algorithms.

The ECDHE signature algorithm "rsa_pss_rsae_sha256" is seen in the handshake when the client/server supports TLS version 1.3 (RFC reference: https://tools.ietf.org/html/rfc8446#section-4.2.3).


Additional Information


The signature algorithm "rsa_pss_rsae_sha256" (seen in the SSL handshake when the client/server supports TLS version 1.3) is supported starting with PAN-OS 10.0.
 

