Palo Alto Detect TLS 1.0 and 1.1

Back in March of 2020, TLS 1.0 and 1.1 were deprecated, and you shouldn't be using them. TLS 1.2 is also getting old, but it is the version that should be in use today; TLS 1.3 is the future.

All you need to do is create a Custom Vulnerability signature (a custom threat) and match against the ssl-rsp-version context, which carries the protocol version the server answers with. The values are the decimal form of the two-byte TLS version field:

TLS 1.0 is decimal 769 (0x0301)
TLS 1.1 is decimal 770 (0x0302)
TLS 1.2 is decimal 771 (0x0303)
TLS 1.3 is decimal 772 (0x0304)

One caveat for the 772 signature: a TLS 1.3 server puts 0x0303 in the ServerHello's legacy version field and signals 1.3 in the supported_versions extension, so whether that signature fires depends on which field the decoder exposes through this context.

If you also build a TLS 1.2 signature, I suggest setting it to allow rather than alert, because it will be extremely noisy. It is handy, though, when you need to double-check that the detection is working.
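To make concrete what the signature above compares against, here is an added example (mine, not code from the original post and not a Palo Alto tool) that parses a TLS handshake record, pulls the ServerHello version out as the same decimal number the ssl-rsp-version match uses, and flags 769 and 770 as deprecated. It also handles the TLS 1.3 case, where the legacy version field says 0x0303 and the real selection sits in the supported_versions extension (type 43). The sample records are constructed by hand, not captured traffic, and the byte layout follows the TLS record and ServerHello structures from the RFCs.

```python
"""Extract and classify the version a TLS server announces in its ServerHello.

Added example, not part of the original post or of PAN-OS. The sample records
below are constructed, not captured.
"""
import struct
from typing import Optional, Tuple

VERSION_NAMES = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}
DEPRECATED = {769, 770}            # TLS 1.0 and 1.1 (RFC 8996)
EXT_SUPPORTED_VERSIONS = 43        # extension type from RFC 8446


def build_server_hello(legacy_version: int, supported_version: Optional[int] = None) -> bytes:
    """Construct a minimal TLS record holding a ServerHello (test data only)."""
    body = struct.pack("!H", legacy_version)
    body += b"\x11" * 32                       # random: fixed filler bytes
    body += b"\x00"                            # empty session_id
    body += b"\x00\x2f"                        # cipher_suite TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x00"                            # compression_method null
    if supported_version is not None:          # TLS 1.3 carries the real version here
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, supported_version)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # type 2 = server_hello
    return b"\x16" + struct.pack("!HH", legacy_version, len(handshake)) + handshake


def server_version(record: bytes) -> int:
    """Return the decimal TLS version the server actually selected."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    legacy_version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                               # skip random
    sid_len = body[pos]
    pos += 1 + sid_len                         # skip session_id
    pos += 2 + 1                               # skip cipher_suite and compression_method
    if pos + 2 > len(body):
        return legacy_version                  # no extensions block: pre-1.3 server
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, ext_data_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_data_len]
        pos += ext_data_len
        if ext_type == EXT_SUPPORTED_VERSIONS and len(data) == 2:
            return struct.unpack("!H", data)[0]   # selected_version, e.g. 0x0304
    return legacy_version


def classify(record: bytes) -> Tuple[int, str, bool]:
    """Return (decimal version, name, is_deprecated) for a ServerHello record."""
    v = server_version(record)
    return v, VERSION_NAMES.get(v, f"unknown (0x{v:04x})"), v in DEPRECATED


# Constructed samples: one ServerHello per protocol version.
SAMPLES = {
    "tls10": build_server_hello(0x0301),
    "tls11": build_server_hello(0x0302),
    "tls12": build_server_hello(0x0303),
    "tls13": build_server_hello(0x0303, supported_version=0x0304),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, classify(rec))
```

Run it as a script and the TLS 1.0 and 1.1 samples come back flagged as deprecated, while the TLS 1.3 sample resolves to 772 even though its legacy version field reads 771.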

Here's an example in the GUI:
(screenshot: palo-tls-detect)

Below is the XML for each version. You can import these straight into the Palo; that's what I do. (If your copy shows {} in place of <>, change them back before importing.)

Example:
Below is what it looks like when you import the XML file.

(screenshot: TLS1)

You now have to enable this new threat in the Vulnerability Protection profile, and be sure that profile is assigned to your security rules.

(screenshot: TLS2)

NOTE:
Threat IDs 41000 to 45000 are reserved for custom vulnerability signatures.

TLS1.0:

<vulnerability-threat version="9.0.0">
  <entry name="41000">
    <signature>
      <standard>
        <entry name="TLSv1.0">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <equal-to>
                      <value>769</value>
                      <context>ssl-rsp-version</context>
                    </equal-to>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>no</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <alert/>
    </default-action>
    <threatname>TLS 1.0 Server Response</threatname>
    <severity>informational</severity>
    <direction>both</direction>
    <comment>TLS 1.0</comment>
    <affected-host>
      <client>yes</client>
    </affected-host>
  </entry>
</vulnerability-threat>

TLS1.1:

<vulnerability-threat version="9.0.0">
  <entry name="41001">
    <signature>
      <standard>
        <entry name="TLSv1.1">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <equal-to>
                      <value>770</value>
                      <context>ssl-rsp-version</context>
                    </equal-to>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>no</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <alert/>
    </default-action>
    <threatname>TLS 1.1 Server Response</threatname>
    <severity>informational</severity>
    <direction>both</direction>
    <affected-host>
      <client>yes</client>
    </affected-host>
  </entry>
</vulnerability-threat>

TLS1.2:

<vulnerability-threat version="9.0.0">
  <entry name="41002">
    <signature>
      <standard>
        <entry name="TLSv1.2">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <equal-to>
                      <value>771</value>
                      <context>ssl-rsp-version</context>
                    </equal-to>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>no</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <alert/>
    </default-action>
    <threatname>TLS 1.2 Server Response</threatname>
    <severity>informational</severity>
    <direction>both</direction>
    <affected-host>
      <client>yes</client>
    </affected-host>
  </entry>
</vulnerability-threat>

TLS1.3:

<vulnerability-threat version="9.0.0">
  <entry name="41003">
    <signature>
      <standard>
        <entry name="TLSv1.3">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <equal-to>
                      <value>772</value>
                      <context>ssl-rsp-version</context>
                    </equal-to>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>no</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <alert/>
    </default-action>
    <threatname>TLS 1.3 Server Response</threatname>
    <severity>informational</severity>
    <direction>both</direction>
    <affected-host>
      <client>yes</client>
    </affected-host>
  </entry>
</vulnerability-threat>
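Before importing a batch of these, it is worth a quick sanity check that each entry respects the points the post relies on: the threat ID sits in the 41000 to 45000 range reserved for custom signatures, the match context is ssl-rsp-version, the value is one of the known TLS version numbers, and the threat name agrees with the value. The following is an added example (mine, not a Palo Alto tool and not code from the post) that does that check with Python's standard XML parser. The good sample is a constructed copy of the TLS 1.0 signature above; the bad sample is a deliberately broken variant with an out-of-range ID and a value that contradicts its threat name.

```python
"""Lint a PAN-OS custom vulnerability signature export before importing it.

Added example, not part of the original post and not a Palo Alto tool.
"""
import xml.etree.ElementTree as ET
from typing import List

CUSTOM_ID_RANGE = range(41000, 45001)        # reserved for custom vulnerability signatures
KNOWN_VERSIONS = {"769": "TLS 1.0", "770": "TLS 1.1", "771": "TLS 1.2", "772": "TLS 1.3"}

# Constructed copy of the TLS 1.0 signature from the post, collapsed onto fewer lines.
GOOD_XML = """<vulnerability-threat version="9.0.0">
  <entry name="41000">
    <signature><standard><entry name="TLSv1.0">
      <and-condition><entry name="And Condition 1"><or-condition><entry name="Or Condition 1">
        <operator><equal-to><value>769</value><context>ssl-rsp-version</context></equal-to></operator>
      </entry></or-condition></entry></and-condition>
      <order-free>no</order-free><scope>protocol-data-unit</scope>
    </entry></standard></signature>
    <default-action><alert/></default-action>
    <threatname>TLS 1.0 Server Response</threatname>
    <severity>informational</severity>
    <direction>both</direction>
    <affected-host><client>yes</client></affected-host>
  </entry>
</vulnerability-threat>"""

# Constructed broken variant: ID below the reserved range, value disagrees with threatname.
BAD_XML = GOOD_XML.replace('name="41000"', 'name="40999"').replace("<value>769</value>", "<value>770</value>")


def check_signature(xml_text: str) -> List[str]:
    """Return the problems found in the export; an empty list means it looks sane."""
    problems: List[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != "vulnerability-threat":
        return [f"unexpected root element <{root.tag}>"]
    for entry in root.findall("entry"):           # direct children only: one per threat ID
        tid = entry.get("name", "")
        if not tid.isdigit() or int(tid) not in CUSTOM_ID_RANGE:
            problems.append(f"threat ID {tid!r} is outside the custom range 41000-45000")
        if entry.find("default-action") is None:
            problems.append(f"{tid}: no default-action")
        threatname = entry.findtext("threatname", "")
        for cond in entry.iter("equal-to"):       # every match condition under this entry
            ctx = cond.findtext("context")
            val = cond.findtext("value")
            if ctx != "ssl-rsp-version":
                problems.append(f"{tid}: context {ctx!r}, expected ssl-rsp-version")
            if val not in KNOWN_VERSIONS:
                problems.append(f"{tid}: value {val!r} is not a known TLS version number")
            elif KNOWN_VERSIONS[val] not in threatname:
                problems.append(f"{tid}: value {val} is {KNOWN_VERSIONS[val]} but threatname is {threatname!r}")
    return problems


if __name__ == "__main__":
    for label, doc in (("good", GOOD_XML), ("bad", BAD_XML)):
        print(label, check_signature(doc) or ["ok"])
```

Point check_signature at the contents of each file before you import it; the good sample returns no findings and the broken one reports both the out-of-range ID and the value/name mismatch.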

Below are responses from both Microsoft and Google about TLS 1.0 and 1.1.

From Microsoft:
The Chromium-based Edge browser will lose TLS 1.0 and 1.1 support around July:

For the new Microsoft Edge (based on Chromium), TLS 1.0 and 1.1 are currently planned to be disabled by default no sooner than Microsoft Edge version 84 (currently planned for July 2020).

Other Microsoft browsers will lose TLS 1.0 and 1.1 support around September:

For all supported versions of Internet Explorer 11 and Microsoft Edge Legacy (EdgeHTML-based), TLS 1.0 and TLS 1.1 will be disabled by default as of September 8, 2020.

From Google:
Remove TLS 1.0 and TLS 1.1
Note: Removal of TLS 1.0 and TLS 1.1 was delayed to Chrome 84, which is expected to ship in July 2020.
TLS (Transport Layer Security) is the protocol which secures HTTPS. It has a long history stretching back to the nearly twenty-year-old TLS 1.0 and its even older predecessor, SSL. Both TLS 1.0 and 1.1 have a number of weaknesses.

TLS 1.0 and 1.1 use MD5 and SHA-1, both weak hashes, in the transcript hash for the Finished message.
TLS 1.0 and 1.1 use MD5 and SHA-1 in the server signature. (Note: this is not the signature in the certificate.)
TLS 1.0 and 1.1 only support RC4 and CBC ciphers. RC4 is broken and has since been removed. TLS’s CBC mode construction is flawed and is vulnerable to attacks.
TLS 1.0’s CBC ciphers additionally construct their initialization vectors incorrectly.
TLS 1.0 is no longer PCI-DSS compliant.
Supporting TLS 1.2 is a prerequisite to avoiding the above problems. The TLS working group has deprecated TLS 1.0 and 1.1. Chrome has now also deprecated these protocols.
