Post-Quantum Cryptography Detection and Control
Table of Contents
Post-Quantum Cryptography Detection and Control
NGFWs can detect, block or allow, and log TLSv1.3 sessions that use post-quantum
cryptography.
Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Post-quantum cryptography (PQC) algorithms and
hybrid PQC algorithms (classical and PQC algorithms combined) are accessible through
open-source libraries and integrated into web browsers and other technologies. Traffic
encrypted by PQC or hybrid PQC algorithms cannot be decrypted yet, making these
algorithms vulnerable to misuse. However, you can prevent the misuse of PQC and hybrid
PQC algorithms and make informed decisions by monitoring PQC activity on your
network.
Palo Alto Networks firewalls detect, block, and log the use of PQC and hybrid PQC
algorithms in TLSv1.3 sessions. This is done automatically based on the settings in your
Decryption policy rules. Review your rules and update your Decryption configuration as needed to
get the most visibility into PQC activity. These actions should be part of your post-quantum migration planning and
preparation strategy.
How the Firewall Detects and Handles Post-quantum Cryptography
If SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection Decryption
policy rule, the firewall prevents negotiation with PQC, hybrid PQC, and other
unsupported algorithms. The
following detection and blocking process enables the firewall to continuously
decrypt and identify threats during a session:
- ClientHello Inspection.The firewall checks the ClientHello for thesupported_groupsTLS extension. This extension specifies the groups that the client supports for key exchange.
- Comparison of Values.The firewall compares the hexadecimal value in the supported-groups extension to a set of known values for PQC and hybrid PQC algorithms. This is how the firewall identifies the specific algorithms supported by the client.
- Removal of Unsupported Algorithms.When SSL Forward Proxy and Inbound Decryption policy rules are applied, the firewall removes PQC, hybrid PQC, and other unsupported algorithms from the ClientHello. This forces the client to negotiate exclusively with classical algorithms.
- Session Restart and Negotiation with Classical Algorithms.The session restarts, and the client and server negotiate with classical algorithms. (For a list of supported cipher suites, see PAN-OS 11.1 Decryption Cipher Suites.)
However, if the client strictly negotiates PQC, hybrid PQC, or other unsupported
algorithms, the firewall drops the session.
If SSL traffic matches a “no-decrypt” Decryption policy rule or doesn’t match any
Decryption policy rules, the firewall allows negotiation with PQC or hybrid PQC
algorithms. However, details of sessions that negotiate these algorithms are
available in Decryption logs only when session traffic matches a "no-decrypt"
Decryption policy rule.
Post-quantum Cryptography and Decryption Logs
Decryption logs provide visibility into
post-quantum cryptography activity on your network for sessions that negotiate PQC
or hybrid PQC algorithms and match a "no decrypt" Decryption policy rule. The
Decryption logs for sessions matching this criteria include details such as the key
exchange (KE) and the negotiated EC curve.
In the case where SSL traffic matches an SSL Forward Proxy or SSL Inbound
Inspection Decryption policy rule and the client only supports post-quantum
algorithms, the session is dropped. The error column in the corresponding
Decryption log states that the
client only supports post-quantum
algorithms
.
By default, the firewall generates Decryption logs for all unsuccessful TLS
handshake traffic. However, you can log both successful and unsuccessful TLS
handshakes in the Log Settings of Decryption policy rules (). Configure Decryption Logging shares
additional considerations.
If Decryption Policy Rule
Triggered | If Decryption Policy Rule with No-Decrypt Action
Triggered | If No Decryption Policy Rule is Triggered | ||
|---|---|---|---|---|
Client Supports Classical Algorithms | Client Only Supports PQC or Hybrid PQC Algorithms | |||
Session Status | PQC and hybrid PQC algorithms are stripped from the ClientHello,
and the session restarts with classical algorithms | PQC algorithms are stripped from the ClientHello, and the session
is dropped | Session successfully negotiates with a PQC or hybrid PQC
algorithm (no decryption) | Session successfully negotiates with PQC or hybrid PQC algorithm
(no decryption) |
Decryption Log Behavior | Decryption logs note negotiation of a classical algorithm (a PQC
algorithm is not noted as it was not negotiated) | Log records the “Client only supports Post-Quantum algorithms"
error message | The Negotiated EC Curve column records the name of the PQC or
hybrid PQC algorithm negotiated | No log generated |
Decryption Configuration Recommendations
Review the logging settings in your Decryption policy rules and use other tools for
enhanced visibility and control over PQC and hybrid PQC activity in your network.
The following recommendations assume a security-first approach to detection,
enforcement, and logging:
- Log successful and unsuccessful handshakes in the Log Settings of Decryption policy rules. Select , and then selectLog Successful SSL HandshakesandLog Unsuccessful SSL Handshakes.Logging all TLS handshakes may increase the volume of logs on your system. The default quota for Decryption logs is one percent of your firewall's log storage capacity. To configure a larger log storage space quota for Decryption logs, select . (Configure Decryption Logging provides more details.)
- Create exclusions or separate rules for internal testing of PQC and hybrid PQC algorithms.
- To log traffic that you don’t decrypt, create a policy-based decryption exclusion or apply a “no decrypt” Decryption profile to the Decryption policy rules that govern this traffic.
- Review the global counter for PQC and hybrid PQC algorithms. The counter increments whenever a client attempts to negotiate with a PQC or hybrid PQC algorithm. Use the following CLI command:show counter global ssl_pqc_session_cnt.