Palo Alto disable MGMT CBC ciphers & TLS 1.1

First, create an SSL/TLS Service Profile, select a certificate (self-signed or trusted), and set the minimum version to TLSv1.2.

By default, the profile has only two settings:

# show shared ssl-tls-service-profile AAAAAA protocol-settings
protocol-settings {
min-version tls1-2;
max-version max;
}

# set shared ssl-tls-service-profile AAAAAA protocol-settings enc-algo-aes-128-cbc no
# set shared ssl-tls-service-profile AAAAAA protocol-settings enc-algo-aes-256-cbc no

Run show again and you will see the difference:

# show shared ssl-tls-service-profile AAAAAA protocol-settings
protocol-settings {
min-version tls1-2;
max-version max;
enc-algo-aes-128-cbc no;
enc-algo-aes-256-cbc no;
}
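
To check a saved copy of the show output against this hardening, the following added example (not part of the original post) parses the protocol-settings block and lists what is still weak. It assumes that a missing enc-algo-aes-*-cbc line means the cipher is still enabled, as the before/after output above implies, and that min-version values other than tls1-2 follow the same naming; the function names are hypothetical.

```python
import re

# Assumed ordering of min-version values; only tls1-2 appears on the
# page, the other names are assumed to follow the same pattern.
TLS_ORDER = ["tls1-0", "tls1-1", "tls1-2", "tls1-3"]
CBC_KEYS = ("enc-algo-aes-128-cbc", "enc-algo-aes-256-cbc")

def parse_protocol_settings(show_output):
    """Return the key/value pairs inside the protocol-settings { ... } block."""
    m = re.search(r"protocol-settings\s*\{(.*?)\}", show_output, re.S)
    if not m:
        raise ValueError("no protocol-settings block found")
    settings = {}
    for line in m.group(1).splitlines():
        line = line.strip().rstrip(";")
        if line:
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings

def audit(show_output, required_min="tls1-2"):
    """List findings; an empty list means the profile matches the hardening."""
    s = parse_protocol_settings(show_output)
    findings = []
    min_v = s.get("min-version")
    if min_v not in TLS_ORDER or TLS_ORDER.index(min_v) < TLS_ORDER.index(required_min):
        findings.append(f"min-version is {min_v}, expected {required_min} or later")
    for key in CBC_KEYS:
        # An absent key is treated as enabled: the default output on the page
        # shows no enc-algo lines until they are explicitly set to "no".
        if s.get(key) != "no":
            findings.append(f"{key} is not disabled")
    return findings

# Constructed samples, copied from the two show outputs on the page.
BEFORE = """protocol-settings {
min-version tls1-2;
max-version max;
}"""
AFTER = """protocol-settings {
min-version tls1-2;
max-version max;
enc-algo-aes-128-cbc no;
enc-algo-aes-256-cbc no;
}"""

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```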
