SHA-1 unsupported

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SHA-1 unsupported

L2 Linker

Hi all,

I apologize if the answer is already there, but we did not find it.

Is there any knowledge that the PAN will not support SHA-1 because it is outdated?

Thanks,

Vesna.

1 accepted solution

Accepted Solutions

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

View solution in original post

7 REPLIES 7

L6 Presenter

Support SHA-1 in which context?

L2 Linker

Hi Vesna,

Could you let us know for which feature of PAN-OS would you like to know whether SHA-1 is supported or not? It could be for SSL/TLS decryption, IPSec VPN, PAN-OS certificates, etc. If it for IPSec, kindly refer the document IPSEC Crypto Options

Thank you

Hi,

Thank you very much. Do you have any information that PAN will not support SHA-1 in IPsec in next PAN-OS releases?

Do you have a documentation with list of supported algorithms for certificates and SSL?

Thank you again!

Hi Vesna,

SHA1 was supported on PANW for IPSec and continue to support on next release. We dont have any reason to block it.

SSL is pass through for PANW, hence we support all algorithms which SSL client and server supports. Hence SHA1 is also supported.

Let me know for additional question.

Regards,

Hardik Shah

Hello Vesna,

Here is a list of cipher suites supported for inbound decryption:

Inbound SSL Decryption Not Working Due to Unsupported Cipher Suites

Also refer below link for list ciphers supported on PAN_OS and Panorama

Which Ciphers are Supported by PAN-OS and Panorama?

Thank you,

Jahnavi.

L5 Sessionator

Hi Vensa,

We do not have plan to remove SHA-1 right away. SSHv1 is not supported for mgmt access to device. We continue to give SHA-1 as one of the option, but if you wish there are other stronger variant of SHA-1 that you can use. Hope this helps. Thank you.

Thank you very much everyone!

  • 1 accepted solution
  • 4776 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!