Traffic log shows Session End Reason = 'decrypt-unsupport-param' after updating a browser (Microsoft Edge or Google Chrome) to 124 and Higher
13203
Created On 05/02/24 00:24 AM - Last Modified 07/16/24 04:21 AM
Symptom
Traffic log shows Session End Reason = 'decrypt-unsupport-param' after updating a browser(Microsoft Edge or Google Chrome) to 124 and Higher.
Environment
- Prisma Access
- Traffic log
- Decryption
Cause
Segmented client hello packets received out of order the is dropped without even going to proxy.
Resolution
Disable "TLS 1.3 hybridized Kyber support" in the browser.
- Open the browser tab.
- Copy paste the following for Microsoft Edge.
edge://flags/#enable-tls13-kyber
- For Google Chrome copy/paste the following in the tab.
chrome://flags/#enable-tls13-kyber
Note: The issue has been fixed in the newer releases. If the issue persists, please request for PAN-253546 fix release in Prisma access with a support case.
Additional Information
This issue was announced by the following incident report.
Recommendations for Addressing Site Access Challenges with Decryption on Google Chrome Browser 124 and Higher