Palo Alto Networks Compatibility Matrix
    : PAN-OS 11.0 Administrative Session Cipher Suites
    Focus
    Download PDF
    Focus
    1. Home
    2. Palo Alto Networks Compatibility Matrix
    3. Supported Cipher Suites
    4. Cipher Suites Supported in PAN-OS 11.0
    5. PAN-OS 11.0 Administrative Session Cipher Suites
    Download PDF

    Palo Alto Networks Compatibility Matrix

    PAN-OS 11.0 Administrative Session Cipher Suites

    Table of Contents

    PAN-OS 11.0 Administrative Session Cipher Suites

    List of cipher suites supported for administrative sessions on firewalls running PAN-OS® 11.0 in normal operation mode.
    The following table lists the cipher suites for administrative sessions that are supported on firewalls running a PAN-OS® 11.0 release in normal (non-FIPS-CC) operational mode.
    If your firewall is running in FIPS-CC mode, see the list of PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode.
    Feature or Function
    Ciphers Supported in PAN-OS 11.0 Releases
    Administrative Sessions to Web Interface
    TLSv1.1, TLSv1.2, and TLSv1.3 cipher suites
    TLSv1.3 cipher suites begin with “TLS”.
    • RSA-SEED-SHA1
    • RSA-CAMELLIA-128-SHA1
    • RSA-CAMELLIA-256-SHA1
    • RSA-AES-128-SHA1
    • RSA-AES-256-SHA1
    • RSA-AES-256-CBC-SHA1
    • RSA-AES-128-CBC-SHA-256
    • RSA-AES-256-CBC-SHA-256
    • RSA-AES-128-GCM-SHA-256
    • RSA-AES-256-GCM-SHA-384
    • DHE-RSA-AES-128-GCM-SHA-256
    • DHE-RSA-AES-256-GCM-SHA-384
    • ECDHE-RSA-AES-128-GCM-SHA-256
    • ECDHE-RSA-AES-256-GCM-SHA-384
    • ECDHE-ECDSA-AES-128-SHA1
    • ECDHE-ECDSA-AES-256-SHA1
    • ECDHE-ECDSA-AES-128-GCM-SHA-256
    • ECDHE-ECDSA-AES-256-GCM-SHA-384
    • TLS-AES-128-CCM-SHA256
    • TLS-AES-128-GCM-SHA256
    • TLS-AES-256-GCM-SHA384
    • TLS-CHACHA20-POLY1305-SHA256
    Administrative Sessions to CLI (SSH)—Encryption
    • AES-128-CTR
    • AES-192-CTR
    • AES-256-CTR
    • AES-128-GCM
    • AES-256-GCM
    • CHACHA20-POLY1305
    Administrative Sessions to CLI (SSH)—Message Authentication
    • UMAC-64
    • UMAC-128
    • HMAC-SHA1
    • HMAC-SHA2-256
    • HMAC-SHA-384
    • HMAC-SHA2-512
    Administrative Sessions to CLI (SSH)—Server Host Key Types
    • RSA keys—2048-bit, 3072-bit, and 4096-bit keys
    • ECDSA keys—256-bit, 384-bit, and 521-bit keys
    Administrative Sessions to CLI (SSH)—Key Exchange Algorithms
    • curve25519-sha256
    • diffie-hellman-group14-sha1
    • diffie-hellman-group14-sha256
    • diffie-hellman-group14-sha384
    • diffie-hellman-group16-sha512
    • diffie-hellman-group-exchange-sha256
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.