PAN-OS 9.1 Administrative Session Cipher Suites
Focus
Focus
Compatibility Matrix

PAN-OS 9.1 Administrative Session Cipher Suites

Table of Contents

PAN-OS 9.1 Administrative Session Cipher Suites

List of cipher suites supported for administrative sessions on firewalls running PAN-OS® 9.1 in normal operation mode.
The following table lists the cipher suites for administrative sessions that are supported on firewalls running a PAN-OS® 9.1 release in normal (non-FIPS-CC) operational mode.
If your firewall is running in FIPS-CC mode, see the list of PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode.
Feature or Function
Ciphers Supported in PAN-OS 9.1 Releases
Administrative Sessions to Web Interface
  • TLSv1.1 and TLSv1.2 cipher suites
  • RSA-SEED-SHA-1
  • RSA-CAMELLIA-128-SHA-1
  • RSA-CAMELLIA-256-SHA-1
  • RSA-3DES-SHA-1
  • RSA-AES-128-SHA-1
  • RSA-AES-256-SHA-1
  • RSA-AES-256-CBC-SHA-1
  • RSA-AES-128-CBC-SHA-256
  • RSA-AES-256-CBC-SHA-256
  • RSA-AES-128-GCM-SHA-256
  • RSA-AES-256-GCM-SHA-384
  • DHE-RSA-3DES-SHA-1
  • DHE-RSA-AES-128-GCM-SHA-256
  • DHE-RSA-AES-256-GCM-SHA-384
  • ECDHE-RSA-AES-128-GCM-SHA-256
  • ECDHE-RSA-AES-256-GCM-SHA-384
  • ECDHE-ECDSA-AES-128-SHA-1
  • ECDHE-ECDSA-AES-256-SHA-1
  • ECDHE-ECDSA-AES-128-GCM-SHA-256
  • ECDHE-ECDSA-AES-256-GCM-SHA-384
Administrative Sessions to CLI (SSH)—Encryption
  • 3DES-CBC
  • ARCFOUR128
  • ARCFOUR256
  • BLOWFISH-CBC
  • CAST128-CBC
  • AES-128-CBC
  • AES-192-CBC
  • AES-256-CBC
  • AES-128-CTR
  • AES-192-CTR
  • AES-256-CTR
  • AES-128-GCM
  • AES-256-GCM
Administrative Sessions to CLI (SSH)—Message Authentication
  • UMAC-64
  • UMAC-128
  • HMAC-MD5-96
  • HMAC-MD5
  • HMAC-SHA-1-96
  • HMAC-RIPEMD-160
  • HMAC-SHA-1
  • HMAC-SHA-256
  • HMAC-SHA-512
Administrative Sessions to CLI (SSH)—Server Host Key Types
  • RSA keys—2048-bit, 3072-bit, and 4096-bit keys
  • ECDSA keys—256-bit, 384-bit, and 521-bit keys
Administrative Sessions to CLI (SSH)—Key Exchange Algorithms
  • diffie-hellman-group1-SHA-1
  • diffie-hellman-group14-SHA-1
  • diffie-hellman-group-exchange-SHA-1
  • diffie-hellman-group-exchange-SHA-256
  • ecdh-SHA-2-nistp256
  • ecdh-SHA-2-nistp384
  • ecdh-SHA-2-nistp521