PAN-OS 8.1 Decryption Cipher Suites
List of cipher suites supported for IPSec on firewalls running PAN-OS® 8.1 in normal operation mode.
The following table lists cipher suites for decryption that are supported on firewalls running a PAN-OS® 8.1 release in normal (non-FIPS-CC) operational mode.
Feature or Function
Ciphers Supported in PAN-OS 8.1 Releases
SSH Decryption (SSHv2 only)—Encryption
SSH Decryption (SSHv2 only)—Message Authentication
SSL/TLS Decryption—NIST-approved Elliptical Curves
SSL/TLS Decryption—Perfect Forward Secrecy (PFS) Ciphers
If you use the DHE or ECDHE key exchange algorithms to enable PFS, you cannot use a hardware security module (HSM) to store the private keys used for SSL Inbound Inspection.