SHA-2 (SHA-256, SHA-384 SHA-512) support in SonicOS 6.5 and above
Description
Beginning with SonicOS 6.5,7.X appliances support the SHA-2 set of cryptographic hash functions. SHA-2 currently consists of a set of six hash functions with digests that are 256, 384 or 512 bits.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
SonicWall supports 256, 384 or 512 bits hash functions in Site to Site VPN and WAN GroupVPN (both IKE and IPsec). In IPSec (Phase 2), in addition to SHA-2, SonicWall also supports AES-XCBC authentication algorithm.
SonicWall also supports importing certificates signed with a SHA-256, SHA-384 or SHA-512 hash, in addition to MD5 or SHA-1. Certificates thus signed can be used for Management and SSL-VPN.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
SonicWall supports 256, 384 or 512 bits hash functions in Site to Site VPN and WAN GroupVPN (both IKE and IPsec). In IPSec (Phase 2), in addition to SHA-2, SonicWall also supports AES-XCBC authentication algorithm.
SonicWall also supports importing certificates signed with a SHA-256, SHA-384 or SHA-512 hash, in addition to MD5 or SHA-1. Certificates thus signed can be used for Management and SSL-VPN.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
SonicWall supports 256, 384 or 512 bits hash functions in Site to Site VPN and WAN GroupVPN (both IKE and IPsec). In IPSec (Phase 2), in addition to SHA-2, SonicWall also supports AES-XCBC authentication algorithm.
SonicWall also supports importing certificates signed with a SHA-256, SHA-384 or SHA-512 hash, in addition to MD5 or SHA-1. Certificates thus signed can be used for Management and SSL-VPN.
