How to disable DHE key algorithm in order to mitigate raccoon attack (CVE-2020-1968)

• The customer using any of PAN-OS 8.1, PAN-OS 9.0 and PAN-OS 9.1 versions needs to consider to disable DHE key algorithm in order to mitigate raccoon attack (CVE-2020-1968), if he or she is using the one of the features (The web interface / GlobalProtect Portal / GlobalProtect Gateway / GlobalProtect Clientless VPN).
• Palo Alto Networks has released an option to disable DHE key algorithm in order to mitigate raccoon attack (CVE-2020-1968) for any of the above listed features.
• In order for the option to take effect on the web interface, the PAN-OS version need to be upgraded to 8.1.20 / 9.0.11 / 9.1.5. In the PAN-OS versions prior to 8.1.20 / 9.0.11 / 9.1.5, the option works for the GlobalProtect features but not for the web interface.
• If the customer is using PAN-OS 10.0 and later PAN-OS versions, he or she doesn't need to consider to disable DHE key algorithm since those versions are not affected by the vulnerability.
• If the customer is using the default certificate for the web interface with any of PAN-OS 8.1, PAN-OS 9.0 and PAN-OS 9.1 versions, the customer needs to follow How To Configure A Certificate For Secure Web-GUI Access before performing the steps in this knowledge base because "SSL/TLS service profile" is necessary for the option to disable DHE key algorithm.

• PANOS 8.1
• PANOS 9.0
• PANOS 9.1

• If the customer is using any of PAN-OS 8.1, PAN-OS 9.0 and PAN-OS 9.1 versions, in order to disable DHE key algorithm, he or she can execute in the below command in the PAN-OS administrative command line interface with the config mode ON and commit the change. In all of the examples the SSL/TLS service profile name is management_tls_profile.  

set shared ssl-tls-service-profile management_tls_profile protocol-settings keyxchg-algo-dhe no

• If the customer has the certificate under multi vsys deployment, the example command to disable DHE key algorithm is below.

set vsys vsys1 ssl-tls-service-profile management_tls_profile protocol-settings keyxchg-algo-dhe no

• To protect the Panorama web interface itself, the example command to disable DHE key algorithm is below

set panorama ssl-tls-service-profile management_tls_profile protocol-settings keyxchg-algo-dhe no

• To update the templates on Panorama, the example command to disable DHE key algorithm is below

set template <template name> config shared ssl-tls-service-profile management_tls_profile protocol-settings keyxchg-algo-dhe no

• The customer can obtain the SSL/TLS service profile name as follows.

admin@Lab98-31-PA-5250# show shared ssl-tls-service-profile
ssl-tls-service-profile {
  management_tls_profile {
    protocol-settings {
      min-version tls1-2;
      max-version max;
      keyxchg-algo-dhe no;
    }
    certificate management;
  }
}
[edit]

•  The customer can test to see if DHE key algorithm is properly disabled on their PAN-OS deployment by the command below.

root@remnux:~# nmap --script ssl-enum-ciphers -p 443 <ip address>

Starting Nmap 7.60 ( https://nmap.org ) at 2021-11-01 02:38 EDT
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 100.00% done; ETC: 02:38 (0:00:00 remaining)
Nmap scan report for 10.137.98.31
Host is up (0.00085s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.90 seconds

• If DHE key algorithm is NOT properly disabled on the PAN-OS deployment, the result is the below.

root@remnux:~# nmap --script ssl-enum-ciphers -p 443 <ip address>

Starting Nmap 7.60 ( https://nmap.org ) at 2021-10-31 23:58 EDT
Nmap scan report for 10.137.98.31
Host is up (0.00086s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.99 seconds

• You can see the first command output doesn't contain DHE key algorithms. ( e.g."TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)