I apologize if the answer is already there, but we did not find it.
Is there any knowledge that the PAN will not support SHA-1 because it is outdated?
Solved! Go to Solution.
Could you let us know for which feature of PAN-OS would you like to know whether SHA-1 is supported or not? It could be for SSL/TLS decryption, IPSec VPN, PAN-OS certificates, etc. If it for IPSec, kindly refer the document IPSEC Crypto Options
Thank you very much. Do you have any information that PAN will not support SHA-1 in IPsec in next PAN-OS releases?
Do you have a documentation with list of supported algorithms for certificates and SSL?
Thank you again!
SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.
SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.
Let me know for additional question.
Here is a list of cipher suites supported for inbound decryption:
Also refer below link for list ciphers supported on PAN_OS and Panorama
We do not have plan to remove SHA-1 right away. SSHv1 is not supported for mgmt access to device. We continue to give SHA-1 as one of the option, but if you wish there are other stronger variant of SHA-1 that you can use. Hope this helps. Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!