Post-Quantum Cryptography Detection and Control
Focus
Focus

Post-Quantum Cryptography Detection and Control

Table of Contents

Post-Quantum Cryptography Detection and Control

NGFWs can detect, block or allow, and log TLSv1.3 sessions that use post-quantum cryptography.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • This feature has no prerequisites.
Post-quantum cryptography (PQC) algorithms and hybrid PQC algorithms (classical and PQC algorithms combined) are accessible through open-source libraries and integrated into web browsers and other technologies. Traffic encrypted by PQC or hybrid PQC algorithms cannot be decrypted yet, making these algorithms vulnerable to misuse. However, you can prevent the misuse of PQC and hybrid PQC algorithms and make informed decisions by monitoring PQC activity on your network.
Palo Alto Networks firewalls detect, block, and log the use of PQC and hybrid PQC algorithms in TLSv1.3 sessions. This is done automatically based on the settings in your Decryption policy rules. Review your rules and update your Decryption configuration as needed to get the most visibility into PQC activity. These actions should be part of your post-quantum migration planning and preparation strategy.

How the Firewall Detects and Handles Post-quantum Cryptography

If SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection Decryption policy rule, the firewall prevents negotiation with PQC, hybrid PQC, and other unsupported algorithms. The following detection and blocking process enables the firewall to continuously decrypt and identify threats during a session:
  1. ClientHello Inspection. The firewall checks the ClientHello for the supported_groups TLS extension. This extension specifies the groups that the client supports for key exchange.
  2. Comparison of Values. The firewall compares the hexadecimal value in the supported-groups extension to a set of known values for PQC and hybrid PQC algorithms. This is how the firewall identifies the specific algorithms supported by the client.
  3. Removal of Unsupported Algorithms. When SSL Forward Proxy and Inbound Decryption policy rules are applied, the firewall removes PQC, hybrid PQC, and other unsupported algorithms from the ClientHello. This forces the client to negotiate exclusively with classical algorithms.
  4. Session Restart and Negotiation with Classical Algorithms. The session restarts, and the client and server negotiate with classical algorithms. (For a list of supported cipher suites, see PAN-OS 11.1 Decryption Cipher Suites.)
However, if the client strictly negotiates PQC, hybrid PQC, or other unsupported algorithms, the firewall drops the session.
If SSL traffic matches a “no-decrypt” Decryption policy rule or doesn’t match any Decryption policy rules, the firewall allows negotiation with PQC or hybrid PQC algorithms. However, details of sessions that negotiate these algorithms are available in Decryption logs only when session traffic matches a "no-decrypt" Decryption policy rule.

Post-quantum Cryptography and Decryption Logs

Decryption logs provide visibility into post-quantum cryptography activity on your network for sessions that negotiate PQC or hybrid PQC algorithms and match a "no decrypt" Decryption policy rule. The Decryption logs for sessions matching this criteria include details such as the key exchange (KE) and the negotiated EC curve.
In the case where SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection Decryption policy rule and the client only supports post-quantum algorithms, the session is dropped. The error column in the corresponding Decryption log states that the client only supports post-quantum algorithms.
By default, the firewall generates Decryption logs for all unsuccessful TLS handshake traffic. However, you can log both successful and unsuccessful TLS handshakes in the Log Settings of Decryption policy rules (PoliciesDecryptionOptions). Configure Decryption Logging shares additional considerations.
The following table summarizes how the firewall enforces and logs PQC activity.
Summary of PQC Detection, Blocking, and Logging Behavior
If Decryption Policy Rule TriggeredIf Decryption Policy Rule with No-Decrypt Action TriggeredIf No Decryption Policy Rule is Triggered
Client Supports Classical AlgorithmsClient Only Supports PQC or Hybrid PQC Algorithms
Session StatusPQC and hybrid PQC algorithms are stripped from the ClientHello, and the session restarts with classical algorithmsPQC algorithms are stripped from the ClientHello, and the session is droppedSession successfully negotiates with a PQC or hybrid PQC algorithm (no decryption)Session successfully negotiates with PQC or hybrid PQC algorithm (no decryption)
Decryption Log BehaviorDecryption logs note negotiation of a classical algorithm (a PQC algorithm is not noted as it was not negotiated)Log records the “Client only supports Post-Quantum algorithms" error messageThe Negotiated EC Curve column records the name of the PQC or hybrid PQC algorithm negotiatedNo log generated

Decryption Configuration Recommendations

Review the logging settings in your Decryption policy rules and use other tools for enhanced visibility and control over PQC and hybrid PQC activity in your network. The following recommendations assume a security-first approach to detection, enforcement, and logging:
  • Log successful and unsuccessful handshakes in the Log Settings of Decryption policy rules. Select PoliciesDecryptionOptions, and then select Log Successful SSL Handshakes and Log Unsuccessful SSL Handshakes.
    Logging all TLS handshakes may increase the volume of logs on your system. The default quota for Decryption logs is one percent of your firewall's log storage capacity. To configure a larger log storage space quota for Decryption logs, select DeviceSetupManagementLogging and Reporting SettingsLog Storage. (Configure Decryption Logging provides more details.)
  • Create exclusions or separate rules for internal testing of PQC and hybrid PQC algorithms.
  • To log traffic that you don’t decrypt, create a policy-based decryption exclusion or apply a “no decrypt” Decryption profile to the Decryption policy rules that govern this traffic.
  • Review the global counter for PQC and hybrid PQC algorithms. The counter increments whenever a client attempts to negotiate with a PQC or hybrid PQC algorithm. Use the following CLI command: show counter global name ssl_pqc_session_cnt.