The SSL Protocol Settings define the protocols and the
key exchange, encryption, and authentication algorithms that the
firewall accepts for outbound SSL Forward Proxy and inbound SSL
Inbound Inspection traffic.
The SSL Protocol Settings (ObjectsDecryption ProfileSSL DecryptionSSL Protocol Settings) control
whether you allow vulnerable SSL/TLS protocol versions, weak encryption
algorithms, and weak authentication algorithms. SSL Protocol Settings
apply to outbound SSL Forward Proxy and inbound SSL Inbound Inspection
traffic. These settings don’t apply to SSH Proxy traffic or to traffic
that you don’t decrypt.
When you configure SSL Protocol Settings
for SSL Inbound Inspection traffic, create separate profiles for
servers with different security capabilities. For example, if one
set of servers supports only RSA, the SSL Protocol Settings only
need to support RSA. However, the SSL Protocol Settings for servers that
support PFS should support PFS. Configure SSL Protocol Settings
for the highest level of security that the target server you are
protecting supports, but check performance to ensure that the firewall
resources can handle the higher processing load that higher security
protocols and algorithms require.
Protocol Versions:
Set the Min Version to TLSv1.2 to
provide the strongest security—business sites that value security
support TLSv1.2. If a site (or a category of sites) only supports
weaker ciphers, review the site and determine if it hosts a legitimate business
application. If it does, make an exception for only that site by
configuring a Decryption profile with a Min Version that matches
the strongest cipher the site supports and then applying the profile
to a Decryption policy rule that limits allowing the weak cipher
to only the site or sites in question. If the site doesn’t host
a legitimate business application, don’t weaken your security posture
to support the site—weak protocols (and ciphers) contain known vulnerabilities
that attackers can exploit.
If the site belongs to a category
of sites that you don’t need for business purposes, use URL Filtering to block access to the entire
category. Don’t support weak encryption or authentication algorithms
unless you must to support important legacy sites, and when you
make exceptions, create a separate Decryption profile that allows
the weaker protocol just for those sites. Don’t downgrade the main
Decryption profile that you apply to most sites to TLSv1.1 just
to accommodate a few exceptions.
Qualys
SSL Labs SSL Pulse web page provides up-to-date statistics
on the percentages of different ciphers and protocols in use on
the 150,000 most popular sites in the world so you can see trends
and understand how widespread worldwide support is for more secure
ciphers and protocols.
Set the Max Version to Max rather
than to a particular version so that as the protocols improve, the
firewall automatically supports the newest and best protocols. Whether
you intend to attach a Decryption profile to a Decryption policy
rule that governs inbound (SSL Inbound Inspection) or outbound (SSL Forward
Proxy) traffic, avoid allowing weak algorithms.
If your
Decryption policy supports mobile applications, many of which use
pinned certificates, set the Max Version to TLSv1.2.
Because TLSv1.3 encrypts certificate information that was not encrypted
in previous TLS versions, the firewall can’t automatically add decryption
exclusions based on certificate information, which affects some
mobile applications. Therefore, if you enable TLSv1.3, the firewall
may drop some mobile application traffic unless you create a No
Decryption policy for that traffic.
If you know the mobile
applications you use for business, consider creating a separate
Decryption policy and profile for those applications so that you
can enable TLSv1.3 for all other application traffic.
Key Exchange Algorithms: Leave all three boxes checked (default)
to support both RSA and PFS (DHE
and ECDHE) key exchanges unless the minimum version is set to TLSv1.3,
which only supports ECDHE.
To support HTTP/2 traffic, you
must leave the ECDHE box checked.
Encryption Algorithms: When you set the minimum protocol version
to TLSv1.2, the older, weaker 3DES and RC4 algorithms are automatically
unchecked (blocked). When you set the minimum protocol version to
TLSv1.3, the 3DES, RC4, AES128-CBC, and AES256-CBC algorithms are
automatically blocked. For any traffic for which you must allow
a weaker TLS protocol, create a separate Decryption profile and
apply it only to traffic for that site, and deselect the appropriate
boxes to allow the algorithm. Allowing traffic that uses the 3DES
or RC4 algorithms exposes your network to excessive risk. If blocking
3DES or RC4 prevents you from accessing a site that you must use
for business, create a separate Decryption profile and policy for
that site. Don’t weaken decryption for any other sites.
Authentication Algorithms: The firewall automatically blocks
the older, weaker MD5 algorithm. When TLSv1.3 is the minimum version,
the firewall also blocks SHA1. Do not allow MD5 authenticated traffic
on your network; SHA1 is the weakest authentication algorithm you
should allow. If no necessary sites use SHA1, block SHA1 traffic
to further reduce the attack surface.