SHA-1 unsupported

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
vesna.djukic
L2 Linker

SHA-1 unsupported

Hi all,

I apologize if the answer is already there, but we did not find it.

Is there any knowledge that the PAN will not support SHA-1 because it is outdated?

Thanks,

Vesna.

Tags (3)

Accepted Solutions
hshah
L6 Presenter

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post


All Replies
mikand
L6 Presenter

Support SHA-1 in which context?

gchandrasekaran
L2 Linker

Hi Vesna,

Could you let us know for which feature of PAN-OS would you like to know whether SHA-1 is supported or not? It could be for SSL/TLS decryption, IPSec VPN, PAN-OS certificates, etc. If it for IPSec, kindly refer the document IPSEC Crypto Options

Thank you

vesna.djukic
L2 Linker

Hi,

Thank you very much. Do you have any information that PAN will not support SHA-1 in IPsec in next PAN-OS releases?

Do you have a documentation with list of supported algorithms for certificates and SSL?

Thank you again!

hshah
L6 Presenter

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post

jburugupalli
L3 Networker

Hello Vesna,

Here is a list of cipher suites supported for inbound decryption:

Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites

Also refer below link for list ciphers supported on PAN_OS and Panorama

Which Ciphers are Supported by PAN-OS and Panorama?

Thank you,

Jahnavi.

ssharma
L5 Sessionator

Hi Vensa,

We do not have plan to remove SHA-1 right away. SSHv1 is not supported for mgmt access to device. We continue to give SHA-1 as one of the option, but if you wish there are other stronger variant of SHA-1 that you can use. Hope this helps. Thank you.

vesna.djukic
L2 Linker

Thank you very much everyone!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!