Palo Alto Networks Compatibility Matrix
  • Palo Alto Networks Compatibility Matrix
  • Compatibility Matrix Documentation
  • All Documentation
>
PAN-OS 11.2 Administrative Session Cipher Suites
Focus
Download PDF
Focus
  1. Home
  2. Compatibility Matrix
  3. Supported Cipher Suites
  4. Cipher Suites Supported in PAN-OS 11.2
  5. PAN-OS 11.2 Administrative Session Cipher Suites
Download PDF
Compatibility Matrix

PAN-OS 11.2 Administrative Session Cipher Suites

Table of Contents

PAN-OS 11.2 Administrative Session Cipher Suites

List of cipher suites supported for administrative sessions on firewalls running PAN-OS® 11.2 in normal operation mode.
The following table lists the cipher suites for administrative sessions that are supported on firewalls running a PAN-OS® 11.2 release in normal (non-FIPS-CC) operational mode.
If your firewall is running in FIPS-CC mode, see the list of PAN-OS 11.2 Cipher Suites Supported in FIPS-CC Mode.
  • Administrative Sessions to Web Interface
  • Administrative Sessions to CLI (SSH)—Encryption
  • Administrative Sessions to CLI (SSH)—Message Authentication
  • Administrative Sessions to CLI (SSH)—Server Host Key Types
  • Administrative Sessions to CLI (SSH)—Key Exchange Algorithms
Feature or Function
Ciphers Supported in PAN-OS 11.2 Releases
Administrative Sessions to Web Interface
TLSv1.1, TLSv1.2, and TLSv1.3 cipher suites
TLSv1.3 cipher suites begin with “TLS”.
  • RSA-SEED-SHA1
  • RSA-CAMELLIA-128-SHA1
  • RSA-CAMELLIA-256-SHA1
  • RSA-AES-128-SHA1
  • RSA-AES-256-SHA1
  • RSA-AES-256-CBC-SHA1
  • RSA-AES-128-CBC-SHA-256
  • RSA-AES-256-CBC-SHA-256
  • RSA-AES-128-GCM-SHA-256
  • RSA-AES-256-GCM-SHA-384
  • DHE-RSA-AES-128-GCM-SHA-256
  • DHE-RSA-AES-256-GCM-SHA-384
  • ECDHE-RSA-AES-128-GCM-SHA-256
  • ECDHE-RSA-AES-256-GCM-SHA-384
  • ECDHE-ECDSA-AES-128-SHA1
  • ECDHE-ECDSA-AES-256-SHA1
  • ECDHE-ECDSA-AES-128-GCM-SHA-256
  • ECDHE-ECDSA-AES-256-GCM-SHA-384
  • TLS-AES-128-CCM-SHA256
  • TLS-AES-128-GCM-SHA256
  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
Administrative Sessions to CLI (SSH)—Encryption
  • AES-128-CTR
  • AES-192-CTR
  • AES-256-CTR
  • AES-128-GCM
  • AES-256-GCM
  • CHACHA20-POLY1305
Administrative Sessions to CLI (SSH)—Message Authentication
  • UMAC-64
  • UMAC-128
  • HMAC-SHA1
  • HMAC-SHA2-256
  • HMAC-SHA-384
  • HMAC-SHA2-512
Administrative Sessions to CLI (SSH)—Server Host Key Types
  • RSA keys—2048-bit, 3072-bit, and 4096-bit keys
  • ECDSA keys—256-bit, 384-bit, and 521-bit keys
Administrative Sessions to CLI (SSH)—Key Exchange Algorithms
  • curve25519-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha384
  • diffie-hellman-group16-sha512
  • diffie-hellman-group-exchange-sha256
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.