https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9072#M6630 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>Is it possible to deny/block inbound SSL flows - based on the SSL cipher parameter ? For example, deny SSL if the cipher is 128 bits ?</P><P>Maybe with a custom signature ?</P><P></P><P>Does anyone have an idea ?</P><P></P><P>Thanks you for your help,</P><P></P><P>Regards,</P></BODY></HTML> Tue, 27 Nov 2012 17:24:10 GMT LCMember191 2012-11-27T17:24:10Z https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9072#M6630 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>Is it possible to deny/block inbound SSL flows - based on the SSL cipher parameter ? For example, deny SSL if the cipher is 128 bits ?</P><P>Maybe with a custom signature ?</P><P></P><P>Does anyone have an idea ?</P><P></P><P>Thanks you for your help,</P><P></P><P>Regards,</P></BODY></HTML> Tue, 27 Nov 2012 17:24:10 GMT https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9072#M6630 LCMember191 2012-11-27T17:24:10Z https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9073#M6631 <HTML><HEAD></HEAD><BODY><P>There is an option to block unsupported ciphers but I cant locate (in the PANOS 5.0 manuals) some way to either list or alter this list of supported ciphers.</P><P></P><P>Closest is to enable FIPS 140-2 mode which I think will (regarding SSL) only support AES256 or equal.</P></BODY></HTML> Tue, 27 Nov 2012 17:43:56 GMT https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9073#M6631 mikand 2012-11-27T17:43:56Z https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9074#M6632 <HTML><HEAD></HEAD><BODY><P>Hello Mikand,</P><P></P><P>Indeed, in 5.0, I hadn't find way to specify allowed or denied ciphers (only unsupported ciphers).</P><P>Maybe someone from Palo Alto Networks knows if it's in the roadmap ?</P></BODY></HTML> Wed, 28 Nov 2012 09:10:33 GMT https://live.paloaltonetworks.com/t5/general-topics/control-ssl-ciphers/m-p/9074#M6632 LCMember191 2012-11-28T09:10:33Z