topic Disable TLS 1.0 and 1.1 and also weak cipher in General Topics https://live.paloaltonetworks.com/t5/general-topics/disable-tls-1-0-and-1-1-and-also-weak-cipher/m-p/1220626#M123289 <P><SPAN>How to disable TLS version 1.0 and 1.1, also to disable weak cipher for WildFire</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://docs.paloaltonetworks.com/advanced-wildfire/wildfire-appliance/set-up-and-manage-a-wildfire-appliance/set-up-authentication-using-custom-certs-standalone-wildfire-appliance/configure-authentication-with-custom-certificates-on-wf-500" target="_blank">Configure Authentication with Custom Certificates on the WildFire Appliance</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>I went through this KB it shows how to disable the 1.0 and 1.1 but how to disable weak cipher in wildfire</SPAN></P> Mon, 17 Feb 2025 07:23:15 GMT S.Ramesh960545 2025-02-17T07:23:15Z Disable TLS 1.0 and 1.1 and also weak cipher https://live.paloaltonetworks.com/t5/general-topics/disable-tls-1-0-and-1-1-and-also-weak-cipher/m-p/1220626#M123289 <P><SPAN>How to disable TLS version 1.0 and 1.1, also to disable weak cipher for WildFire</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://docs.paloaltonetworks.com/advanced-wildfire/wildfire-appliance/set-up-and-manage-a-wildfire-appliance/set-up-authentication-using-custom-certs-standalone-wildfire-appliance/configure-authentication-with-custom-certificates-on-wf-500" target="_blank">Configure Authentication with Custom Certificates on the WildFire Appliance</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>I went through this KB it shows how to disable the 1.0 and 1.1 but how to disable weak cipher in wildfire</SPAN></P> Mon, 17 Feb 2025 07:23:15 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-tls-1-0-and-1-1-and-also-weak-cipher/m-p/1220626#M123289 S.Ramesh960545 2025-02-17T07:23:15Z Re: Disable TLS 1.0 and 1.1 and also weak cipher https://live.paloaltonetworks.com/t5/general-topics/disable-tls-1-0-and-1-1-and-also-weak-cipher/m-p/1220686#M123304 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/437548029">@S.Ramesh960545</a>,</P> <P>Where you can actually control the utilized ciphers is the SSH device server-profiles that you can apply. When you set the ssl-tls-service-profile you are already limiting the ciphers to what are applicable for the device in regards to the TLS versions that you have it set to allow. You can view that cipher information for administrative sessions to the GUI <A href="https://docs.paloaltonetworks.com/compatibility-matrix/reference/supported-cipher-suites/cipher-suites-supported-in-pan-os-11-2/cipher-suites-supported-in-pan-os-11-2-admin-sessions" target="_self">HERE</A>. </P> <P>&nbsp;</P> Mon, 17 Feb 2025 21:50:28 GMT https://live.paloaltonetworks.com/t5/general-topics/disable-tls-1-0-and-1-1-and-also-weak-cipher/m-p/1220686#M123304 BPry 2025-02-17T21:50:28Z