03/26/2020
Article Applies To:
SonicWall Email Security Appliances: 3300, 4300, 8300.
Firmware/Software Version: 8.3
In version 8.3, the Web UI allows the administrator to select one of three levels of SMTP encryption strength:
The OpenSSL Cipherstring selectors are:
Weak | ALL:!LOW:!EXPORT:!aNULL:!eNULL:@STRENGTH |
Normal | HIGH:MEDIUM:!aNULL:!eNULL:!RC4:!EDH:@STRENGTH |
Strong | HIGH:!MD5:!3DES:!aNULL:!eNULL:!EDH:@STRENGTH |
To display the actual ciphers, shell into an appliance and use the openssl ciphers command with one of the above strings. For example, to list all the strong ciphers:
# openssl ciphers -v 'HIGH:!MD5:!3DES:!aNULL:!eNULL:!EDH:@STRENGTH'
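The listing that command produces can be audited mechanically. The script below is an added example, not SonicWall code: it reads `openssl ciphers -v` output and reports suites that lack forward secrecy or use RC4, 3DES or MD5. The function names and the four sample lines are constructed for illustration, with suite names and field values taken from this article's table.

```shell
#!/bin/sh
# Added example (not SonicWall code): audit `openssl ciphers -v` output.

# Cipherstring for the "Strong" level, as given in the article.
STRONG='HIGH:!MD5:!3DES:!aNULL:!eNULL:!EDH:@STRENGTH'

# audit_ciphers reads `openssl ciphers -v` lines on stdin and prints
# "<suite> <finding>,<finding>..." for every suite with a finding.
audit_ciphers() {
    awk '
    NF >= 6 {
        kx = ""; enc = ""; mac = ""; f = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        # Ephemeral exchanges print as Kx=ECDH or Kx=DH (Kx=any in TLS 1.3);
        # static RSA, ECDH/RSA and ECDH/ECDSA give no forward secrecy.
        if (kx != "ECDH" && kx != "DH" && kx != "any") f = f ",no-PFS"
        if (enc ~ /^RC4/)  f = f ",RC4"
        if (enc ~ /^3DES/) f = f ",3DES"
        if (mac == "MD5")  f = f ",MD5"
        if (f != "") print $1, substr(f, 2)
    }'
}

# Constructed sample: four lines in `openssl ciphers -v` format, using
# suite names and field values from the table in this article.
sample_lines() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA         SSLv3   Kx=ECDH/RSA Au=ECDH Enc=AES(256)    Mac=SHA1
AES256-GCM-SHA384           TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
RC4-MD5                     SSLv3   Kx=RSA      Au=RSA  Enc=RC4(128)    Mac=MD5
EOF
}

sample_lines | audit_ciphers

# On a host with OpenSSL installed, audit a real expansion with:
#   openssl ciphers -v "$STRONG" | audit_ciphers
```

Suites with no finding are not printed, so an empty result means every suite in the expansion uses an ephemeral key exchange and none of the flagged algorithms.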
In release 8.3, the complete set of ciphers is:
OpenSSL Cipherstring Name | TLS | Key Exchange | Authenticator | Cipher | HMAC | PFS? |
Strong | ||||||
ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH | RSA | AESGCM(256) | AEAD | Yes |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH | ECDSA | AESGCM(256) | AEAD | Yes |
ECDHE-RSA-AES256-SHA384 | TLSv1.2 | ECDH | RSA | AES(256) | SHA384 | Yes |
ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 | ECDH | ECDSA | AES(256) | SHA384 | Yes |
ECDHE-RSA-AES256-SHA | SSLv3 | ECDH | RSA | AES(256) | SHA1 | Yes |
ECDHE-ECDSA-AES256-SHA | SSLv3 | ECDH | ECDSA | AES(256) | SHA1 | Yes |
ECDH-RSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH/RSA | ECDH | AESGCM(256) | AEAD | |
ECDH-ECDSA-AES256-GCM-SHA384 | TLSv1.2 | ECDH/ECDSA | ECDH | AESGCM(256) | AEAD | |
ECDH-RSA-AES256-SHA384 | TLSv1.2 | ECDH/RSA | ECDH | AES(256) | SHA384 | |
ECDH-ECDSA-AES256-SHA384 | TLSv1.2 | ECDH/ECDSA | ECDH | AES(256) | SHA384 | |
ECDH-RSA-AES256-SHA | SSLv3 | ECDH/RSA | ECDH | AES(256) | SHA1 | |
ECDH-ECDSA-AES256-SHA | SSLv3 | ECDH/ECDSA | ECDH | AES(256) | SHA1 | |
AES256-GCM-SHA384 | TLSv1.2 | RSA | RSA | AESGCM(256) | AEAD | |
AES256-SHA256 | TLSv1.2 | RSA | RSA | AES(256) | SHA256 | |
AES256-SHA | SSLv3 | RSA | RSA | AES(256) | SHA1 | |
CAMELLIA256-SHA | SSLv3 | RSA | RSA | Camellia(256) | SHA1 | |
ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH | RSA | AESGCM(128) | AEAD | Yes |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH | ECDSA | AESGCM(128) | AEAD | Yes |
ECDHE-RSA-AES128-SHA256 | TLSv1.2 | ECDH | RSA | AES(128) | SHA256 | Yes |
ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 | ECDH | ECDSA | AES(128) | SHA256 | Yes |
ECDHE-RSA-AES128-SHA | SSLv3 | ECDH | RSA | AES(128) | SHA1 | Yes |
ECDHE-ECDSA-AES128-SHA | SSLv3 | ECDH | ECDSA | AES(128) | SHA1 | Yes |
ECDH-RSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH/RSA | ECDH | AESGCM(128) | AEAD | |
ECDH-ECDSA-AES128-GCM-SHA256 | TLSv1.2 | ECDH/ECDSA | ECDH | AESGCM(128) | AEAD | |
ECDH-RSA-AES128-SHA256 | TLSv1.2 | ECDH/RSA | ECDH | AES(128) | SHA256 | |
ECDH-ECDSA-AES128-SHA256 | TLSv1.2 | ECDH/ECDSA | ECDH | AES(128) | SHA256 | |
ECDH-RSA-AES128-SHA | SSLv3 | ECDH/RSA | ECDH | AES(128) | SHA1 | |
ECDH-ECDSA-AES128-SHA | SSLv3 | ECDH/ECDSA | ECDH | AES(128) | SHA1 | |
AES128-GCM-SHA256 | TLSv1.2 | RSA | RSA | AESGCM(128) | AEAD | |
AES128-SHA256 | TLSv1.2 | RSA | RSA | AES(128) | SHA256 | |
AES128-SHA | SSLv3 | RSA | RSA | AES(128) | SHA1 | |
CAMELLIA128-SHA | SSLv3 | RSA | RSA | Camellia(128) | SHA1 | |
Normal | ||||||
SEED-SHA | SSLv3 | RSA | RSA | SEED(128) | SHA1 | |
ECDHE-RSA-DES-CBC3-SHA | SSLv3 | ECDH | RSA | 3DES(168) | SHA1 | Yes |
ECDHE-ECDSA-DES-CBC3-SHA | SSLv3 | ECDH | ECDSA | 3DES(168) | SHA1 | Yes |
ECDH-RSA-DES-CBC3-SHA | SSLv3 | ECDH/RSA | ECDH | 3DES(168) | SHA1 | |
ECDH-ECDSA-DES-CBC3-SHA | SSLv3 | ECDH/ECDSA | ECDH | 3DES(168) | SHA1 | |
DES-CBC3-SHA | SSLv3 | RSA | RSA | 3DES(168) | SHA1 | |
Weak | ||||||
DHE-DSS-AES256-GCM-SHA384 | TLSv1.2 | DH | DSS | AESGCM(256) | AEAD | Yes |
DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 | DH | RSA | AESGCM(256) | AEAD | Yes |
DHE-RSA-AES256-SHA256 | TLSv1.2 | DH | RSA | AES(256) | SHA256 | Yes |
DHE-DSS-AES256-SHA256 | TLSv1.2 | DH | DSS | AES(256) | SHA256 | Yes |
DHE-RSA-AES256-SHA | SSLv3 | DH | RSA | AES(256) | SHA1 | Yes |
DHE-DSS-AES256-SHA | SSLv3 | DH | DSS | AES(256) | SHA1 | Yes |
DHE-RSA-CAMELLIA256-SHA | SSLv3 | DH | RSA | Camellia(256) | SHA1 | Yes |
DHE-DSS-CAMELLIA256-SHA | SSLv3 | DH | DSS | Camellia(256) | SHA1 | Yes |
DHE-DSS-AES128-GCM-SHA256 | TLSv1.2 | DH | DSS | AESGCM(128) | AEAD | Yes |
DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 | DH | RSA | AESGCM(128) | AEAD | Yes |
DHE-RSA-AES128-SHA256 | TLSv1.2 | DH | RSA | AES(128) | SHA256 | Yes |
DHE-DSS-AES128-SHA256 | TLSv1.2 | DH | DSS | AES(128) | SHA256 | Yes |
DHE-RSA-AES128-SHA | SSLv3 | DH | RSA | AES(128) | SHA1 | Yes |
DHE-DSS-AES128-SHA | SSLv3 | DH | DSS | AES(128) | SHA1 | Yes |
DHE-RSA-SEED-SHA | SSLv3 | DH | RSA | SEED(128) | SHA1 | Yes |
DHE-DSS-SEED-SHA | SSLv3 | DH | DSS | SEED(128) | SHA1 | Yes |
DHE-RSA-CAMELLIA128-SHA | SSLv3 | DH | RSA | Camellia(128) | SHA1 | Yes |
DHE-DSS-CAMELLIA128-SHA | SSLv3 | DH | DSS | Camellia(128) | SHA1 | Yes |
ECDHE-RSA-RC4-SHA | SSLv3 | ECDH | RSA | RC4(128) | SHA1 | Yes |
ECDHE-ECDSA-RC4-SHA | SSLv3 | ECDH | ECDSA | RC4(128) | SHA1 | Yes |
ECDH-RSA-RC4-SHA | SSLv3 | ECDH/RSA | ECDH | RC4(128) | SHA1 | |
ECDH-ECDSA-RC4-SHA | SSLv3 | ECDH/ECDSA | ECDH | RC4(128) | SHA1 | |
RC4-SHA | SSLv3 | RSA | RSA | RC4(128) | SHA1 | |
RC4-MD5 | SSLv3 | RSA | RSA | RC4(128) | MD5 | |
EDH-RSA-DES-CBC3-SHA | SSLv3 | DH | RSA | 3DES(168) | SHA1 | |
EDH-DSS-DES-CBC3-SHA | SSLv3 | DH | DSS | 3DES(168) | SHA1 | |
Notes: