Post-Quantum Cryptography Detection and Control
Focus
Focus

Post-Quantum Cryptography Detection and Control

Table of Contents

Post-Quantum Cryptography Detection and Control

NGFWs can detect, block or allow, and log TLSv1.3 sessions that use post-quantum cryptography.
Where Can I Use This?
What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • This feature has no prerequisites.
Post-quantum cryptography (PQC) algorithms and hybrid PQC algorithms (classical and PQC algorithms combined) are accessible through open-source libraries and integrated into web browsers and other technologies. Traffic encrypted by PQC or hybrid PQC algorithms cannot be decrypted yet, making these algorithms vulnerable to misuse. However, you can prevent the misuse of PQC and hybrid PQC algorithms and make informed decisions by monitoring PQC activity on your network.
Palo Alto Networks firewalls detect, block, and log the use of PQC and hybrid PQC algorithms in TLSv1.3 sessions. This is done automatically based on the settings in your Decryption policy rules. Review your rules and update your Decryption configuration as needed to get the most visibility into PQC activity. These actions should be part of your post-quantum migration planning and preparation strategy.

How the Firewall Detects and Handles Post-quantum Cryptography

If SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection Decryption policy rule, the firewall prevents negotiation with PQC, hybrid PQC, and other unsupported algorithms. The following detection and blocking process enables the firewall to continuously decrypt and identify threats during a session:
  1. ClientHello Inspection.
    The firewall checks the ClientHello for the
    supported_groups
    TLS extension. This extension specifies the groups that the client supports for key exchange.
  2. Comparison of Values.
    The firewall compares the hexadecimal value in the supported-groups extension to a set of known values for PQC and hybrid PQC algorithms. This is how the firewall identifies the specific algorithms supported by the client.
  3. Removal of Unsupported Algorithms.
    When SSL Forward Proxy and Inbound Decryption policy rules are applied, the firewall removes PQC, hybrid PQC, and other unsupported algorithms from the ClientHello. This forces the client to negotiate exclusively with classical algorithms.
  4. Session Restart and Negotiation with Classical Algorithms.
    The session restarts, and the client and server negotiate with classical algorithms. (For a list of supported cipher suites, see PAN-OS 11.1 Decryption Cipher Suites.)
However, if the client strictly negotiates PQC, hybrid PQC, or other unsupported algorithms, the firewall drops the session.
If SSL traffic matches a “no-decrypt” Decryption policy rule or doesn’t match any Decryption policy rules, the firewall allows negotiation with PQC or hybrid PQC algorithms. However, details of sessions that negotiate these algorithms are available in Decryption logs only when session traffic matches a "no-decrypt" Decryption policy rule.

Post-quantum Cryptography and Decryption Logs

Decryption logs provide visibility into post-quantum cryptography activity on your network for sessions that negotiate PQC or hybrid PQC algorithms and match a "no decrypt" Decryption policy rule. The Decryption logs for sessions matching this criteria include details such as the key exchange (KE) and the negotiated EC curve.
In the case where SSL traffic matches an SSL Forward Proxy or SSL Inbound Inspection Decryption policy rule and the client only supports post-quantum algorithms, the session is dropped. The error column in the corresponding Decryption log states that the
client only supports post-quantum algorithms
.
By default, the firewall generates Decryption logs for all unsuccessful TLS handshake traffic. However, you can log both successful and unsuccessful TLS handshakes in the Log Settings of Decryption policy rules (
Policies
Decryption
Options
). Configure Decryption Logging shares additional considerations.
The following table summarizes how the firewall enforces and logs PQC activity.
Summary of PQC Detection, Blocking, and Logging Behavior
If Decryption Policy Rule Triggered
If Decryption Policy Rule with No-Decrypt Action Triggered
If No Decryption Policy Rule is Triggered
Client Supports Classical Algorithms
Client Only Supports PQC or Hybrid PQC Algorithms
Session Status
PQC and hybrid PQC algorithms are stripped from the ClientHello, and the session restarts with classical algorithms
PQC algorithms are stripped from the ClientHello, and the session is dropped
Session successfully negotiates with a PQC or hybrid PQC algorithm (no decryption)
Session successfully negotiates with PQC or hybrid PQC algorithm (no decryption)
Decryption Log Behavior
Decryption logs note negotiation of a classical algorithm (a PQC algorithm is not noted as it was not negotiated)
Log records the “Client only supports Post-Quantum algorithms" error message
The Negotiated EC Curve column records the name of the PQC or hybrid PQC algorithm negotiated
No log generated

Decryption Configuration Recommendations

Review the logging settings in your Decryption policy rules and use other tools for enhanced visibility and control over PQC and hybrid PQC activity in your network. The following recommendations assume a security-first approach to detection, enforcement, and logging:
  • Log successful and unsuccessful handshakes in the Log Settings of Decryption policy rules. Select
    Policies
    Decryption
    Options
    , and then select
    Log Successful SSL Handshakes
    and
    Log Unsuccessful SSL Handshakes
    .
    Logging all TLS handshakes may increase the volume of logs on your system. The default quota for Decryption logs is one percent of your firewall's log storage capacity. To configure a larger log storage space quota for Decryption logs, select
    Device
    Setup
    Management
    Logging and Reporting Settings
    Log Storage
    . (Configure Decryption Logging provides more details.)
  • Create exclusions or separate rules for internal testing of PQC and hybrid PQC algorithms.
  • To log traffic that you don’t decrypt, create a policy-based decryption exclusion or apply a “no decrypt” Decryption profile to the Decryption policy rules that govern this traffic.
  • Review the global counter for PQC and hybrid PQC algorithms. The counter increments whenever a client attempts to negotiate with a PQC or hybrid PQC algorithm. Use the following CLI command:
    show counter global ssl_pqc_session_cnt
    .

Recommended For You