How can I enable RC4-only cipher suites?
12/20/2019
In SonicOS 5.9.x and above firmware, an option to enable only RC4 ciphers has been introduced. Enabling this option forces the SonicWall to negotiate SSL connections using RC4-SHA1 or RC4-MD5.
This article describes how to enable this option. The solution described here can be used to mitigate the BEAST and POODLE attacks. Both of these attacks target SSLv3 servers using CBC-mode encryption. RC4, being a stream cipher, is not affected by these attacks.
Some web browsers are configured to use only strong cipher suites and refuse RC4-only encryption. If RC4-only encryption is enabled in SonicOS, the browser may therefore report an err_ssl_version_or_cipher_mismatch error.
- Log in to the SonicWall management GUI.
- Change to the diag page at https://<interface IP address>/diag.html.
- Under Encryption Settings, select the check box Enable RC4-Only Cipher Suite Support.
- Click Accept at the top to save the change.
- Restart for the change to take effect.
After enabling this option, SonicWall features like Web Management, SSL-VPN and DPI-SSL will negotiate SSL connections with the following ciphers:
SSLv3 - RC4-MD5, RC4-SHA1
TLSv1 - RC4-MD5, RC4-SHA1
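One way to confirm the result after the restart, as an added example that is not part of the original article or SonicWall's own tooling: the script parses scanner output in the layout of nmap's ssl-enum-ciphers script and reports any suite outside the pair listed above. The scan text is constructed, and the IANA suite names are assumed to correspond to the article's RC4-MD5 and RC4-SHA1.

```python
import re

# Assumed IANA names for the article's RC4-MD5 and RC4-SHA1 suites.
EXPECTED = {"TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA"}

# Constructed sample in the layout of nmap's ssl-enum-ciphers script output.
SAMPLE_SCAN = """\
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|_  least strength: C
"""

PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|[ _]+((?:TLS|SSL)_[A-Z0-9_]+)\b")

def parse_scan(text):
    """Return {protocol: [suite, ...]} from ssl-enum-ciphers style output."""
    offered, proto = {}, None
    for line in text.splitlines():
        proto_m, suite_m = PROTO_RE.match(line), SUITE_RE.match(line)
        if proto_m:
            proto = proto_m.group(1)
            offered[proto] = []
        elif suite_m and proto:
            offered[proto].append(suite_m.group(1))
    return offered

def audit_rc4_only(offered):
    """Return findings; an empty list means the scan matches the RC4-only setting."""
    findings = []
    for proto, suites in offered.items():
        for suite in suites:
            if "_CBC_" in suite:
                findings.append((proto, suite, "CBC suite still offered"))
            elif suite not in EXPECTED:
                findings.append((proto, suite, "not in the article's RC4 list"))
        if not EXPECTED & set(suites):
            findings.append((proto, None, "no RC4 suite offered"))
    return findings

if __name__ == "__main__":
    print(audit_rc4_only(parse_scan(SAMPLE_SCAN)))
```

Run a scan against each service the article names (Web Management, SSL-VPN, DPI-SSL) and pass its output to `parse_scan`; the sample deliberately includes one CBC suite so the finding path is visible.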