SHA-1 unsupported

Reply
L2 Linker

SHA-1 unsupported

Hi all,

I apologize if the answer is already there, but we did not find it.

Is there any knowledge that the PAN will not support SHA-1 because it is outdated?

Thanks,

Vesna.

Tags (3)

Accepted Solutions
Highlighted
L6 Presenter

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post


All Replies
Highlighted
L6 Presenter

Support SHA-1 in which context?

Highlighted
L2 Linker

Hi Vesna,

Could you let us know for which feature of PAN-OS would you like to know whether SHA-1 is supported or not? It could be for SSL/TLS decryption, IPSec VPN, PAN-OS certificates, etc. If it for IPSec, kindly refer the document IPSEC Crypto Options

Thank you

Highlighted
L2 Linker

Hi,

Thank you very much. Do you have any information that PAN will not support SHA-1 in IPsec in next PAN-OS releases?

Do you have a documentation with list of supported algorithms for certificates and SSL?

Thank you again!

Highlighted
L6 Presenter

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post

Highlighted
L3 Networker

Hello Vesna,

Here is a list of cipher suites supported for inbound decryption:

Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites

Also refer below link for list ciphers supported on PAN_OS and Panorama

Which Ciphers are Supported by PAN-OS and Panorama?

Thank you,

Jahnavi.

Highlighted
L5 Sessionator

Hi Vensa,

We do not have plan to remove SHA-1 right away. SSHv1 is not supported for mgmt access to device. We continue to give SHA-1 as one of the option, but if you wish there are other stronger variant of SHA-1 that you can use. Hope this helps. Thank you.

Highlighted
L2 Linker

Thank you very much everyone!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!