This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SHA-1 unsupported

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SHA-1 unsupported

Go to solution
vesna.djukic
L2 Linker

‎10-02-2014 12:28 AM

Hi all,

I apologize if the answer is already there, but we did not find it.

Is there any knowledge that the PAN will not support SHA-1 because it is outdated?

Thanks,

Vesna.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
hshah
L6 Presenter
In response to vesna.djukic

‎10-02-2014 07:16 AM

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post

0 Likes Likes
7 REPLIES 7

Go to solution
mikand
L6 Presenter

‎10-02-2014 01:49 AM

Support SHA-1 in which context?

0 Likes Likes

Go to solution
gchandrasekaran
L2 Linker

‎10-02-2014 03:33 AM

Hi Vesna,

Could you let us know for which feature of PAN-OS would you like to know whether SHA-1 is supported or not? It could be for SSL/TLS decryption, IPSec VPN, PAN-OS certificates, etc. If it for IPSec, kindly refer the document IPSEC Crypto Options

Thank you

0 Likes Likes

Go to solution
vesna.djukic
L2 Linker
In response to gchandrasekaran

‎10-02-2014 05:34 AM

Hi,

Thank you very much. Do you have any information that PAN will not support SHA-1 in IPsec in next PAN-OS releases?

Do you have a documentation with list of supported algorithms for certificates and SSL?

Thank you again!

Go to solution
hshah
L6 Presenter
In response to vesna.djukic

‎10-02-2014 07:16 AM

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

0 Likes Likes

Go to solution
jburugupalli
L3 Networker
In response to vesna.djukic

‎10-02-2014 07:18 AM

Hello Vesna,

Here is a list of cipher suites supported for inbound decryption:

Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites

Also refer below link for list ciphers supported on PAN_OS and Panorama

Which Ciphers are Supported by PAN-OS and Panorama?

Thank you,

Jahnavi.

Go to solution
ssharma
L5 Sessionator

‎10-02-2014 08:39 AM

Hi Vensa,

We do not have plan to remove SHA-1 right away. SSHv1 is not supported for mgmt access to device. We continue to give SHA-1 as one of the option, but if you wish there are other stronger variant of SHA-1 that you can use. Hope this helps. Thank you.

Go to solution
vesna.djukic
L2 Linker
In response to hshah

‎10-03-2014 12:41 AM

Thank you very much everyone!

0 Likes Likes
  • 1 accepted solution
  • 5654 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks