How can I enable RC4-only cipher suites?

Description

SonicOS firmware 5.9.x and above introduces an option to enable only RC4 ciphers. Enabling this option forces the SonicWall to negotiate SSL connections using RC4-SHA1 or RC4-MD5.

This article describes how to enable this option. The solution described here can be used to mitigate the BEAST and POODLE attacks. Both of these attacks target SSLv3 servers using CBC-mode encryption. RC4, being stream based, is not affected by these attacks.

Cause

Sometimes a web browser is configured to use only strong cipher suites and refuses to use RC4-only encryption. Thus, if RC4-only encryption is enabled in SonicOS, the browser can report an err_ssl_version_or_cipher_mismatch error.

Resolution

  1. Log in to the SonicWall management GUI.
  2. Go to the diag page at https://<interface IP address>/diag.html.
  3. Under Encryption Settings, select the Enable RC4-Only Cipher Suite Support check box.
  4. Click Accept at the top to save the change.
  5. Restart for the change to take effect.
    After enabling this option, SonicWall features like Web Management, SSL-VPN and DPI-SSL will negotiate SSL connections with the following ciphers:

    SSLv3 - RC4-MD5, RC4-SHA1
    TLSv1 - RC4-MD5, RC4-SHA1
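
One way to confirm after the restart that only the two listed ciphers are offered is to audit the text output of an `nmap --script ssl-enum-ciphers` scan of the management interface. This is an added example, not SonicWall code. It assumes nmap's IANA suite names (RC4-MD5 is TLS_RSA_WITH_RC4_128_MD5, RC4-SHA1 is TLS_RSA_WITH_RC4_128_SHA), and the scan text embedded below is constructed for illustration.

```python
import re

# Suites the article lists after enabling RC4-only (IANA names as nmap prints them).
EXPECTED = {"TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"}

# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <interface IP>` output.
SAMPLE_SCAN = """\
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|_  least strength: C
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)\b")


def parse_suites(scan_text):
    """Return {protocol: [suite, ...]} from ssl-enum-ciphers text output."""
    offered, proto = {}, None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:  # a protocol header such as "|   SSLv3:"
            proto = m.group(1)
            offered[proto] = []
            continue
        m = SUITE_RE.match(line)
        if m and proto:  # a cipher line under the current protocol
            offered[proto].append(m.group(1))
    return offered


def audit_rc4_only(scan_text):
    """List (protocol, suite) pairs that fall outside the RC4-only set."""
    return [(p, s) for p, suites in parse_suites(scan_text).items()
            for s in suites if s not in EXPECTED]


if __name__ == "__main__":
    for proto, suite in audit_rc4_only(SAMPLE_SCAN):
        print(f"{proto}: unexpected suite still offered: {suite}")
```

An empty result means every offered suite is one of the two RC4 suites; any pair returned is a suite the appliance still accepts, for example a CBC suite left enabled because the restart in step 5 has not happened yet.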
