Getting Validation Error : ssl-protocol-settings -> enc-algo-3des unexpected here

Created On 07/07/20 18:23 PM - Last Modified 07/28/20 22:29 PM


Symptom


The validation error "enc-algo-3des unexpected" appears after upgrading from PAN-OS 8.x.x to PAN-OS 9.1.x.
 
Validation Error:
profiles -> decryption -> Lax Inspection -> ssl-protocol-settings -> enc-algo-3des unexpected here
profiles -> decryption -> Lax Inspection -> ssl-protocol-settings is invalid
Invalid configuration. Please fix errors and try again



 


Environment


  • PAN-OS 9.1.x
  • Palo Alto Firewall


Cause


The issue appears to be caused by corruption in the XML configuration file where it references the decryption profile.


 


Resolution


  1. Take a safe backup copy of the running configuration.
  2. Export the running config XML file and open it in Notepad or any other text editor.
  3. Delete the reference to the decryption profile's ssl-protocol-settings by removing the part of the configuration shown below:

     ssl-protocol-settings {
     min-version tls1-0;
     enc-algo-3des no;
     enc-algo-rc4 no;
     auth-algo-md5 no;

  4. Save the modified XML file and import it into the firewall.
  5. Commit the configuration.
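
The edit in step 3 can also be scripted so that the removed values are recorded for review before any of them are re-added. The following is an added example, not code from this article or from Palo Alto Networks; the XML layout (profiles/decryption/entry/ssl-protocol-settings) is an assumption derived from the path in the validation error, the sample config is constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported config. The element layout is an assumption
# based on the path shown in the validation error, not a real export.
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <profiles><decryption>
      <entry name="Lax Inspection">
        <ssl-protocol-settings>
          <min-version>tls1-0</min-version>
          <enc-algo-3des>no</enc-algo-3des>
          <enc-algo-rc4>no</enc-algo-rc4>
          <auth-algo-md5>no</auth-algo-md5>
        </ssl-protocol-settings>
      </entry>
      <entry name="Strict Inspection"/>
    </decryption></profiles>
  </entry></vsys></entry></devices>
</config>"""


def strip_ssl_protocol_settings(xml_text, profile_name):
    """Remove ssl-protocol-settings from one decryption profile.

    Returns (modified_xml, removed), where removed maps each deleted setting
    to its old value so it can be reviewed and re-added after the commit.
    """
    root = ET.fromstring(xml_text)
    removed = {}
    # Only entries directly under profiles/decryption are decryption profiles.
    for entry in root.findall(".//profiles/decryption/entry"):
        if entry.get("name") != profile_name:
            continue
        for block in entry.findall("ssl-protocol-settings"):
            for setting in block:
                removed[setting.tag] = (setting.text or "").strip()
            entry.remove(block)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    new_xml, removed = strip_ssl_protocol_settings(SAMPLE_CONFIG, "Lax Inspection")
    for name, value in removed.items():
        print(f"removed {name} = {value}")
```

An empty result for `removed` means the named profile or its ssl-protocol-settings block was not found and the file was left unchanged. Run it against a copy of the export, keeping the backup from step 1 untouched.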


Additional Information


If 3DES encryption needs to be added, it can be added after the commit.
