If the destination server uses a 1,024-bit RSA key, the
firewall generates a certificate with a 1,024-bit RSA
key.
If the destination server uses a key size larger than
1,024 bits (for example, 2,048 or 4,096 bits), the
firewall generates a certificate with a 2,048-bit RSA
key.
If the destination server uses the SHA-1 hashing
algorithm, the firewall generates a certificate with the
SHA-1 hashing algorithm.
If the destination server uses a hashing algorithm
stronger than SHA-1, the firewall generates a
certificate with the SHA-256 algorithm.