Defined by destination host
—The
firewall determines the key size and the hashing algorithm for the
certificates it generates to establish SSL proxy sessions with clients
based on the destination server certificate. If the destination
server uses a 1,024-bit RSA key, the firewall generates a certificate
with a 1,024-bit RSA key. If the destination server uses a key size
larger than 1,024 bits (for example, 2,048 bits or 4,096 bits),
the firewall generates a certificate that uses a 2,048-bit RSA key.
If the destination server uses the SHA-1 hashing algorithm, the
firewall generates a certificate with the SHA-1 hashing algorithm.
If the destination server uses a hashing algorithm stronger than
SHA-1, the firewall generates a certificate with the SHA-256 algorithm. This
is the default setting.