en-US
search-icon

Email Security 9.0 Admin Guide

Cipher Set

When TLS over SMTP is enabled, one of three levels of encryption strength can selected.

To configure encryption strength:
1
Select System > Network Architecture > Server Configuration.
2
Select Add Path on either the Inbound or Outbound Email Flow.
3
Scroll to the bottom and select Configure STARTTLS.
4
Define the TLS settings and choose the appropriate Cipher Strength.

This appendix lists the complete set of ciphers for SonicWall Email Security

 

Email Security 9.0 Cipher Set

OpenSSL cipher string name

TLS

Key Exchange

Authenticator

Cipher

HMAC

PFS

Strong Ciphers

ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2

ECDH

RSA

AESGCM(256)

AEAD

Yes

ECDHE-ECDSA-AES256-GCM-SHA384

TLSv1.2

ECDH

ECDSA

AESGCM(256)

AEAD

Yes

ECDHE-RSA-AES256-SHA384

TLSv1.2

ECDH

RSA

AES(256)

SHA384

Yes

ECDHE-ECDSA-AES256-SHA384

TLSv1.2

ECDH

ECDSA

AES(256)

SHA384

Yes

ECDHE-RSA-AES256-SHA

SSLv3

ECDH

RSA

AES(256)

SHA1

Yes

ECDHE-ECDSA-AES256-SHA

SSLv3

ECDH

ECDSA

AES(256)

SHA1

Yes

ECDH-RSA-AES256-GCM-SHA384

TLSv1.2

ECDH/RSA

ECDH

AESGCM(256)

AEAD

 

ECDH-ECDSA-AES256-GCM-SHA384

TLSv1.2

ECDH/ECDSA

ECDH

AESGCM(256)

AEAD

 

ECDH-RSA-AES256-SHA384

TLSv1.2

ECDH/RSA

ECDH

AES(256)

SHA384

 

ECDH-ECDSA-AES256-SHA384

TLSv1.2

ECDH/ECDSA

ECDH

AES(256)

SHA384

 

ECDH-RSA-AES256-SHA

SSLv3

ECDH/RSA

ECDH

AES(256)

SHA1

 

ECDH-ECDSA-AES256-SHA

SSLv3

ECDH/ECDSA

ECDH

AES(256)

SHA1

 

AES256-GCM-SHA384

TLSv1.2

RSA

RSA

AESGCM(256)

AEAD

 

AES256-SHA256

TLSv1.2

RSA

RSA

AES(256)

SHA256

 

AES256-SHA

SSLv3

RSA

RSA

AES(256)

SHA1

 

CAMELLIA256-SHA

SSLv3

RSA

RSA

Camellia(256)

SHA1

 

ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2

ECDH

RSA

AESGCM(128)

AEAD

Yes

ECDHE-ECDSA-AES128-GCM-SHA256

TLSv1.2

ECDH

ECDSA

AESGCM(128)

AEAD

Yes

ECDHE-RSA-AES128-SHA256

TLSv1.2

ECDH

RSA

AES(128)

SHA256

Yes

ECDHE-ECDSA-AES128-SHA256

TLSv1.2

ECDH

ECDSA

AES(128)

SHA256

Yes

ECDHE-RSA-AES128-SHA

SSLv3

ECDH

RSA

AES(128)

SHA1

Yes

ECDHE-ECDSA-AES128-SHA

SSLv3

ECDH

ECDSA

AES(128)

SHA1

Yes

ECDH-RSA-AES128-GCM-SHA256

TLSv1.2

ECDH/RSA

ECDH

AESGCM(128)

AEAD

 

ECDH-ECDSA-AES128-GCM-SHA256

TLSv1.2

ECDH/ECDSA

ECDH

AESGCM(128)

AEAD

 

ECDH-RSA-AES128-SHA256

TLSv1.2

ECDH/RSA

ECDH

AES(128)

SHA256

 

ECDH-ECDSA-AES128-SHA256

TLSv1.2

ECDH/ECDSA

ECDH

AES(128)

SHA256

 

ECDH-RSA-AES128-SHA

SSLv3

ECDH/RSA

ECDH

AES(128)

SHA1

 

ECDH-ECDSA-AES128-SHA

SSLv3

ECDH/ECDSA

ECDH

AES(128)

SHA1

 

AES128-GCM-SHA256

TLSv1.2

RSA

RSA

AESGCM(128)

AEAD

 

AES128-SHA256

TLSv1.2

RSA

RSA

AES(128)

SHA256

 

AES128-SHA

SSLv3

RSA

RSA

AES(128)

SHA1

 

CAMELLIA128-SHA

SSLv3

RSA

RSA

Camellia(128)

SHA1

 

Normal Ciphers

SEED-SHA

SSLv3

RSA

RSA

SEED(128)

SHA1

 

ECDHE-RSA-DES-CBC3-SHA

SSLv3

ECDH

RSA

3DES(168)

SHA1

Yes

ECDHE-ECDSA-DES-CBC3-SHA

SSLv3

ECDH

ECDSA

3DES(168)

SHA1

Yes

ECDH-RSA-DES-CBC3-SHA

SSLv3

ECDH/RSA

ECDH

3DES(168)

SHA1

 

ECDH-ECDSA-DES-CBC3-SHA

SSLv3

ECDH/ECDSA

ECDH

3DES(168)

SHA1

 

DES-CBC3-SHA

SSLv3

RSA

RSA

3DES(168)

SHA1

 

Weak Ciphers

DHE-DSS-AES256-GCM-SHA384

TLSv1.2

DH

DSS

AESGCM(256)

AEAD

Yes

DHE-RSA-AES256-GCM-SHA384

TLSv1.2

DH

RSA

AESGCM(256)

AEAD

Yes

DHE-RSA-AES256-SHA256

TLSv1.2

DH

RSA

AES(256)

SHA256

Yes

DHE-DSS-AES256-SHA256

TLSv1.2

DH

DSS

AES(256)

SHA256

Yes

DHE-RSA-AES256-SHA

SSLv3

DH

RSA

AES(256)

SHAI1

Yes

DHE-DSS-AES256-SHA

SSLv3

DH

DSS

AES(256)

SHAI1

Yes

DHE-RSA-CAMELLIA256-SHA

SSLv3

DH

RSA

Camellia(256)

SHAI1

Yes

DHE-DSS-CAMELLIA256-SHA

SSLv3

DH

DSS

Camellia(256)

SHAI1

Yes

DHE-DSS-AES128-GCM-SHA256

TLSv1.2

DH

DSS

AESGCM(128)

AEAD

Yes

DHE-RSA-AES128-GCM-SHA256

TLSv1.2

DH

RSA

AESGCM(128)

AEAD

Yes

DHE-RSA-AES128-SHA256

TLSv1.2

DH

RSA

AES(128)

SHA256

Yes

DHE-DSS-AES128-SHA256

TLSv1.2

DH

DSS

AES(128)

SHA256

Yes

DHE-RSA-AES128-SHA

SSLv3

DH

RSA

AES(128)

SHA1

Yes

DHE-DSS-AES128-SHA

SSLv3

DH

DSS

AES(128)

SHA1

Yes

DHE-RSA-SEED-SHA

SSLv3

DH

RSA

SEED(128)

SHA1

Yes

DHE-DSS-SEED-SHA

SSLv3

DH

DSS

SEED(128)

SHA1

Yes

DHE-RSA-CAMELLIA128-SHA

SSLv3

DH

RSA

Camellia(128)

SHA1

Yes

DHE-DSS-CAMELLIA128-SHA

SSLv3

DH

DSS

Camellia(128)

SHA1

Yes

ECDHE-RSA-RC4-SHA

SSLv3

ECDH

RSA

RC4(128)

SHA1

Yes

ECDHE-ECDSA-RC4-SHA

SSLv3

ECDH

ECDSA

RC4(128)

SHA1

Yes

ECDH-RSA-RC4-SHA

SSLv3

ECDH/RSA

ECDH

RC4(128)

SHA1

 

ECDH-ECDSA-RC4-SHA

SSLv3

ECDH/ECDSA

ECDH

RC4(128)

SHA1

 

RC4-SHA

SSLv3

RSA

RSA

RC4(128)

SHA1

 

RC4-MD5

SSLv3

RSA

RSA

RC4(128)

MD5

 

EDH-RSA-DES-CBC3-SHA

SSLv3

DH

RSA

3DES(168)

SHA1

 

EDH-DSS-DES-CBC3-SHA

SSLv3

DH

DSS

3DES(168)

SHA1

 

 
* 
NOTE: TLS v1.2 Galois/Counter Mode (GCM), Authenticated Encryption with Associated Data (AEAD), and SHA-2 hashes are only available when the client uses TLS v1.2. All TSL v1 ciphers are available when the client uses TLS v1.2, except for RC4, which is always disabled with TLS v1.1 and above.
 
* 
NOTE: The changes from Release 8.2 to 8.3 are:
All ciphers using less than 128-bit encryption (the former weak ciphers) have been removed and are no longer available.
The RC4 cipher has been moved to the Weak cipher category.
The DHE authenticator has been moved to the Weak cipher category.
3DES is no longer included in he Strong cipher set; it is included in the Normal and Weak categories.