How to disable SSLv3 / TLSv1

Description

This article explains how to disable SSLv3 and TLSv1.0 in SonicOS. These are old protocols, now considered very vulnerable to attacks.

NOTE: SSLv3 and TLSv1 are disabled by default on all the latest SonicOS versions (i.e. 6.2.7.1 and above and 5.9.1.8 and above)

 

Resolution

To enable/disable SSLv3 and TLSv1 on older firmware versions:

  1. Navigate to the diag.html page of the firewal: https://SonicWall_IPAddress/diag.html
  2. Navigate to Encryption Settings to find the options to disable SSL V3 and TLS V1.0:

Image

To enable SSLv3 and TLSv1 on newer versions:

  1. Navigate to the diag.html page of the firewal: https://SonicWall_IPAddress/diag.html
  2. Navigate to Encryption Settings
  3. Check the option "Enable TLS compatible mode"

Image

 

CAUTION: When enabled, SonicOS will support legacy protocol versions and ciphers to be compatible with legacy devices, this could result in PCI Compliance warnings. 

 

Related Articles

  • Enable public access on SonicWall NSv in Azure
    Read More
  • Como resolver "ERR_CONNECTION_TIMED_OUT" ao acessar a URL https://sso.acesso.gov.br/ e demais sites do governo
    Read More
  • Configuring Syslog traffic over MPLS in SonicWall
    Read More

Categories

Firewalls
TZ Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall NSA Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo