PAN-OS 8.1 Cipher Suites Supported in FIPS-CC Mode
Table of Contents
Expand all | Collapse all
-
- Cloud Identity Engine Cipher Suites
-
- PAN-OS 11.1 GlobalProtect Cipher Suites
- PAN-OS 11.1 IPSec Cipher Suites
- PAN-OS 11.1 IKE and Web Certificate Cipher Suites
- PAN-OS 11.1 Decryption Cipher Suites
- PAN-OS 11.1 Administrative Session Cipher Suites
- PAN-OS 11.1 HA1 SSH Cipher Suites
- PAN-OS 11.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.0 GlobalProtect Cipher Suites
- PAN-OS 11.0 IPSec Cipher Suites
- PAN-OS 11.0 IKE and Web Certificate Cipher Suites
- PAN-OS 11.0 Decryption Cipher Suites
- PAN-OS 11.0 Administrative Session Cipher Suites
- PAN-OS 11.0 HA1 SSH Cipher Suites
- PAN-OS 11.0 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.2 GlobalProtect Cipher Suites
- PAN-OS 10.2 IPSec Cipher Suites
- PAN-OS 10.2 IKE and Web Certificate Cipher Suites
- PAN-OS 10.2 Decryption Cipher Suites
- PAN-OS 10.2 Administrative Session Cipher Suites
- PAN-OS 10.2 HA1 SSH Cipher Suites
- PAN-OS 10.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.1 GlobalProtect Cipher Suites
- PAN-OS 10.1 IPSec Cipher Suites
- PAN-OS 10.1 IKE and Web Certificate Cipher Suites
- PAN-OS 10.1 Decryption Cipher Suites
- PAN-OS 10.1 Administrative Session Cipher Suites
- PAN-OS 10.1 HA1 SSH Cipher Suites
- PAN-OS 10.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 9.1 GlobalProtect Cipher Suites
- PAN-OS 9.1 IPSec Cipher Suites
- PAN-OS 9.1 IKE and Web Certificate Cipher Suites
- PAN-OS 9.1 Decryption Cipher Suites
- PAN-OS 9.1 Administrative Session Cipher Suites
- PAN-OS 9.1 HA1 SSH Cipher Suites
- PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 8.1 GlobalProtect Cipher Suites
- PAN-OS 8.1 IPSec Cipher Suites
- PAN-OS 8.1 IKE and Web Certificate Cipher Suites
- PAN-OS 8.1 Decryption Cipher Suites
- PAN-OS 8.1 Administrative Session Cipher Suites
- PAN-OS 8.1 HA1 SSH Cipher Suites
- PAN-OS 8.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 8.1 Cipher Suites Supported in FIPS-CC Mode
PAN-OS 8.1 Cipher Suites Supported in FIPS-CC Mode
List of cipher suites supported on firewalls running
PAN-OS® 8.1 in FIPS-CC mode.
The following table lists cipher suites that are supported
on firewalls running a PAN-OS® 8.1 release in FIPS-CC mode.
If your firewall is running in normal (non-FIPS-CC) operational mode,
see Cipher
Suites Supported in PAN-OS 8.1
Functions | Standards | Certificates |
---|---|---|
Asymmetric key generation | ||
FFC key pair generation (key size 2048 bits) | FIPS PUB 186-4 | Appliances: DSA #1485 VMs: DSA
#1497 |
ECC key pair generation (NIST curves P-256,
P-384) | FIPS PUB 186-4 | Appliances: ECDSA #1570 VMs: ECDSA
#1575 |
RSA key generation (2048 bits or greater) | FIPS PUB 186-4 | Appliances: RSA #3086 VMs: RSA
#3090 |
Cryptographic Key Generation
(for IKE Peer Authentication) | ||
RSA key generation (2048 bits or greater) | FIPS PUB 186-4 | Appliances: RSA #3086 VMs: RSA
#3090 |
ECDSA key pair generation (NIST curves P-256,
P-384) | FIPS PUB 186-4 | Appliances: ECDSA #1570 VMs: ECDSA
#1575 |
Cryptographic Key Establishment | ||
ECDSA-based key establishment | NIST SP 800-56A Revision 2 | Appliances: CVL #2119 VMs: CVL
#2128 |
FFC-based key establishment | NIST SP 800-56A Revision 2 | Appliances: CVL #2119 VMs: CVL
#2128 |
AES Data Encryption/Decryption | ||
|
| Appliances: AES #5890 VMs: AES
#5902 |
Signature Generation and
Verification | ||
RSA Digital Signature Algorithm (rDSA) (2048
bits or greater) | FIPS PUB 186-4, “Digital Signature Standard
(DSS)”, Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS
and/or RSASSAPKCS1v1_5; ISO/IEC 9796-2, Digital signature scheme
2 or Digital Signature scheme 3 | Appliances: RSA #3086 VMs: RSA
#3090 |
ECDSA (NIST curves P-256, P-384, and P-521) | FIPS PUB 186-4, “Digital Signature Standard
(DSS)”, Section 6 and Appendix D, Implementing "NIST curves" P-256,
P-384, ISO/IEC 14888-3, Section 6.4 | Appliances: RSA #1570 VMs: RSA
#1575 |
Cryptographic hashing | ||
SHA-1, SHA-256, SHA-384, and SHA-512 (digest
sizes 160, 256, 384, and 512 bits) | ISO/IEC 10118-3:2004 FIPS PUB 180-4 | Appliances: SHS #4641 VMs: SHS
#4658 |
Keyed-hash message authentication | ||
| ISO/IEC 9797-2:2011 FIPS PUB 198-1 | Appliances: HMAC #3865 VMs: HMAC
#3882 |
Random bit generation | ||
CTR_DRBG (AES-256) | ISO/IEC 18031:2011 NIST SP 800-90A | Appliances: DRBG #2451 VMs: DRBG
#2464 |