How to disable SSLv3 / TLSv1

Description

This article explains how to disable SSLv3 and TLSv1.0 in SonicOS. These are old protocols, now considered very vulnerable to attacks.

NOTE: SSLv3 and TLSv1 are disabled by default on all the latest SonicOS versions (i.e. 6.2.7.1 and above and 5.9.1.8 and above)

 

Resolution

To enable/disable SSLv3 and TLSv1 on older firmware versions:

  1. Navigate to the diag.html page of the firewal: https://SonicWall_IPAddress/diag.html
  2. Navigate to Encryption Settings to find the options to disable SSL V3 and TLS V1.0:

Image

To enable SSLv3 and TLSv1 on newer versions:

  1. Navigate to the diag.html page of the firewal: https://SonicWall_IPAddress/diag.html
  2. Navigate to Encryption Settings
  3. Check the option "Enable TLS compatible mode"

Image

 

CAUTION: When enabled, SonicOS will support legacy protocol versions and ciphers to be compatible with legacy devices, this could result in PCI Compliance warnings. 

 

Related Articles

  • How to export and import connection profiles in NetExtender
    Read More
  • Unable access High availability idle device using monitoring IP address
    Read More
  • SSL Control enabled with "Detect Certificate signed by an Untrusted CA" causes Windows Update to fail.
    Read More

Categories

Firewalls
TZ Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall NSA Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo