Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
How to disable the unsecure cipher suites on the SonicWall SRA/SMA 100 series?
03/26/2020 
17 
6395
DESCRIPTION:
AES is a more efficient cryptographic algorithm. The main strength lies in the option for various key lengths (AES uses keys of 128, 192 or 256 bits) which makes it stronger than DES.
The vulnerabilities are seen in a PCI scan due to SSL 64-bit Block Size Cipher Suites 443 / tcp / www CVE-2016-2183, CVE-2016-6329 and SSL Medium Strength Cipher Suites.
CAUSE:
3DES uses 64 bit blocks.
RESOLUTION:
Form 9.0.0.0-9sv onwards , an option, "Ciphersuites", is available in System > Administration page. Administrator could choose to set Ciphersuites : "Modern compatibility" to disable unsecured ciphers.
If the "Ciphersuites" are set to Modern compatibility, the following ciphersuites are used:-
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256"
],
"tls_versions": ["TLSv1.2" ]
ISSUE ID:
211452
