Is it possible to deny/block inbound SSL flows - based on the SSL cipher parameter ? For example, deny SSL if the cipher is 128 bits ?
Maybe with a custom signature ?
Does anyone have an idea ?
Thanks you for your help,
There is an option to block unsupported ciphers but I cant locate (in the PANOS 5.0 manuals) some way to either list or alter this list of supported ciphers.
Closest is to enable FIPS 140-2 mode which I think will (regarding SSL) only support AES256 or equal.
Indeed, in 5.0, I hadn't find way to specify allowed or denied ciphers (only unsupported ciphers).
Maybe someone from Palo Alto Networks knows if it's in the roadmap ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!