control SSL ciphers

Showing results for 
Search instead for 
Did you mean: 

control SSL ciphers

L0 Member

Hello all,

Is it possible to deny/block inbound SSL flows - based on the SSL cipher parameter ? For example, deny SSL if the cipher is 128 bits ?

Maybe with a custom signature ?

Does anyone have an idea ?

Thanks you for your help,



L6 Presenter

There is an option to block unsupported ciphers but I cant locate (in the PANOS 5.0 manuals) some way to either list or alter this list of supported ciphers.

Closest is to enable FIPS 140-2 mode which I think will (regarding SSL) only support AES256 or equal.

Hello Mikand,

Indeed, in 5.0, I hadn't find way to specify allowed or denied ciphers (only unsupported ciphers).

Maybe someone from Palo Alto Networks knows if it's in the roadmap ?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!