Decryption for TLSv1.3
10.0 (EoL)
Decrypt TLSv1.3 traffic to protect against threats in
encrypted traffic while benefiting from TLSv1.3 application security
and performance improvements.
You can now decrypt, gain full visibility
into, and prevent known and unknown threats in TLSv1.3 traffic.
TLSv1.3 is the latest version of the TLS protocol, which provides
application security and performance improvements. Your existing
Decryption policies work with TLSv1.3 when you configure the associated
Decryption profile to use TLSv1.3 as the minimum protocol version
or to use TLSv1.3 or Max as the maximum protocol version. The firewall
supports TLSv1.3 decryption in all modes (Forward Proxy, Inbound
Inspection, Decryption Broker, and Decryption Port Mirroring).
To use TLSv1.3, the client and server must be able to negotiate TLSv1.3
ciphers. For websites that don’t support TLSv1.3, the firewall selects
an older version of the TLS protocol that the server supports.
The firewall supports the following decryption algorithms for TLSv1.3:
- TLS13-AES-128-GCM-SHA256
- TLS13-AES-256-GCM-SHA384
- TLS13-CHACHA20-POLY1305-SHA256
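To check what a client actually negotiates once a Decryption profile allows TLSv1.3, the following added example (not part of the vendor documentation) labels a session as using a listed suite, an unlisted TLSv1.3 suite, or a fallback to an older protocol version. The function names, the `cafile` parameter and the sample sessions are assumptions made for illustration; the name mapping assumes Python's `ssl` module reports TLSv1.3 suites in the `TLS_AES_128_GCM_SHA256` form.

```python
import socket
import ssl
from collections import Counter

# TLSv1.3 suites exactly as spelled in the list above.
PAGE_SUITES = {
    "TLS13-AES-128-GCM-SHA256",
    "TLS13-AES-256-GCM-SHA384",
    "TLS13-CHACHA20-POLY1305-SHA256",
}

def page_name(cipher):
    """Convert 'TLS_AES_128_GCM_SHA256' to the 'TLS13-AES-128-GCM-SHA256' spelling."""
    if cipher.startswith("TLS_"):
        return "TLS13-" + cipher[len("TLS_"):].replace("_", "-")
    return cipher

def classify(version, cipher):
    """Label one negotiated session: 'listed', 'unlisted' or 'fallback'."""
    if version != "TLSv1.3":
        return "fallback"  # an older protocol version was negotiated
    return "listed" if page_name(cipher) in PAGE_SUITES else "unlisted"

def probe(host, port=443, cafile=None, timeout=5.0):
    """Handshake with host and return (version, cipher, label).
    cafile (assumption): PEM bundle with the CA the client must trust,
    for example an internal CA used for decryption."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cipher = tls.version(), tls.cipher()[0]
    return version, cipher, classify(version, cipher)

def tally(sessions):
    """Count labels over an iterable of (version, cipher) pairs."""
    return dict(Counter(classify(v, c) for v, c in sessions))

# Constructed sample results, not captured from a real firewall.
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.3", "TLS_CHACHA20_POLY1305_SHA256"),
    ("TLSv1.3", "TLS_AES_128_CCM_SHA256"),       # valid TLSv1.3 suite, not in the list
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),  # server without TLSv1.3
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(f"{version:8} {cipher:32} {classify(version, cipher)}")
    print(tally(SAMPLES))
```

Run `probe()` from a client whose traffic passes through the firewall; a `fallback` label for a server known to support TLSv1.3 suggests the profile's protocol version range is worth reviewing.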
Follow decryption best practices when setting
the TLS and protocol version in your Decryption profiles. See TLSv1.3 Decryption for
details.