You can now decrypt, gain full visibility into, and prevent known and unknown threats in TLSv1.3 protocol traffic. TLSv1.3 is the latest version of the TLS protocol, which provides security and performance improvements for applications. PAN-OS 10.0 supports TLSv1.3 decryption in all modes: SSL Forward Proxy, SSL Inbound Inspection, SSL Decryption Broker, and SSL Decryption Port Mirroring, and also for GlobalProtect Clientless VPN (browser to GlobalProtect Portal only).

You can now troubleshoot SSL Decryption-related issues and assess your security posture more easily with new Application Command Center (ACC) features and consolidated Decryption logs. Use the new ACC features to identify traffic for which decryption causes problems and then use the new Decryption logs to drill down into details and solve the problem. Also use the new ACC features to identify the amount of TLS traffic, non-TLS traffic, decrypted traffic, and non-decrypted TLS traffic. In addition, use the ACC to identify traffic that uses weak algorithms and protocols and mitigate the risk associated with applications, servers, and other devices that use older, more insecure protocols and algorithms.