Decryption Algorithms, Resource Impact, and TLS 1.3 Caveats
This document provides an overview of decryption algorithms, their impact on resources, and specific considerations for TLS 1.3 when configuring decryption on Palo Alto Networks firewalls.
Resource Utilization Impact
Decrypting SSL/TLS traffic consumes CPU and memory resources on the firewall. Factors influencing resource consumption include:
- Volume of Encrypted Traffic: Higher volumes require more processing power.
- Key Exchange Method: ECDHE and DHE consume more resources than RSA due to the computation of ephemeral keys.
- Encryption Algorithm: Algorithms like AES-256-GCM are more resource-intensive than AES-128-GCM.
- TLS Version: TLS 1.3 introduces changes that can impact resource utilization, such as the elimination of certain handshake steps.
It's essential to size your firewall appropriately based on the expected decryption load. For detailed guidance, refer to Palo Alto Networks' documentation on sizing firewalls for decryption requirements.
TLS 1.3 Caveats
When implementing TLS 1.3 decryption, consider the following caveats:
- Encrypted SNI: TLS 1.3 supports encrypted Server Name Indication (SNI), which can hinder the firewall's ability to perform URL filtering on non-decrypted traffic.
- Certificate Information Encryption: TLS 1.3 encrypts more of the handshake, including certificate information, making it challenging for the firewall to inspect certificates without decryption.
- Compatibility Issues: Some applications may not function correctly when their TLS 1.3 traffic is decrypted. In such cases, consider creating exceptions or disabling decryption for specific traffic.
- Performance Considerations: TLS 1.3's streamlined handshake can improve performance, but the increased encryption may require more processing power during decryption.
Ensure that your decryption profiles are configured to handle TLS 1.3 appropriately, balancing security and performance needs.
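To make the Encrypted SNI caveat concrete, the following added example (not Palo Alto Networks code, and not part of this page's source) parses a cleartext TLS ClientHello the way a firewall must when it is not decrypting: it extracts the visible SNI, the offered TLS versions, and whether the Encrypted Client Hello extension is present, and flags that with ECH the visible SNI is only the client-facing server's public name and cannot drive URL filtering. The ClientHello bytes are constructed inline for the demonstration, and the ECH extension code 0xfe0d is the draft codepoint.

```python
import struct

EXT_SNI, EXT_SUPPORTED_VERSIONS, EXT_ECH = 0x0000, 0x002b, 0xfe0d  # extension codes (0xfe0d = ECH draft)
TLS13 = 0x0304

def parse_client_hello(record: bytes) -> dict:
    """What a firewall can read from a cleartext ClientHello without decrypting:
    the (outer) SNI, the offered TLS versions, and whether ECH is in use."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[5:]
    pos = 4 + 2 + 32                                      # handshake header, legacy_version, random
    pos += 1 + body[pos]                                  # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                                  # legacy_compression_methods
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    info = {"sni": None, "versions": [], "ech": False}
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SNI:                              # u16 list_len, u8 name_type, u16 name_len, name
            name_len = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == EXT_SUPPORTED_VERSIONS:             # u8 list_len, then u16 versions
            info["versions"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
        elif etype == EXT_ECH:
            info["ech"] = True
    info["offers_tls13"] = TLS13 in info["versions"]
    # With ECH the visible SNI is only the client-facing server's public name, so URL filtering
    # on undecrypted traffic cannot rely on it; only decryption (or an exception) remains.
    info["sni_usable_for_url_filtering"] = info["sni"] is not None and not info["ech"]
    return info

def build_client_hello(sni: str, versions, ech: bool = False) -> bytes:
    """Constructed sample ClientHello (not a real capture) for exercising the parser."""
    name = sni.encode("ascii")
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    sv_body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = struct.pack("!HH", EXT_SNI, len(sni_body)) + sni_body
    exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    if ech:  # opaque placeholder payload; a real ECH extension carries an HPKE-encrypted inner ClientHello
        exts += struct.pack("!HH", EXT_ECH, 4) + b"\x00" * 4
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"           # legacy_version, random, empty session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"            # one cipher suite (TLS_AES_128_GCM_SHA256), null compression
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Running parse_client_hello over a capture tells you, per flow, whether a no-decrypt policy can still classify the destination by SNI or whether the flow must be decrypted or exempted by other criteria.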