Previously, you could not configure TLSv1.3 support for administrative access in the standard SSL/TLS service profile. In addition, you could only manage cipher suites using the command line interface (CLI). PAN-OS® 11.1 solves these challenges by enhancing the SSL/TLS service profile.

You can now select TLSv1.3 as the minimum and maximum supported TLS version directly in an SSL/TLS service profile. Selecting TLSv1.3 automatically enables a set of modern and secure cipher suites. Additionally, you can customize key exchange algorithms, encryption algorithms, and authentication algorithms without using the CLI.

TLSv1.3 improves the security and performance of administrative connections to your Next-Generation Firewalls and other management interfaces. The protocol removes support for vulnerable algorithms, mandates perfect forward secrecy, and reduces connection latency through a faster TLS handshake.