Filter
Top Products
Firewall Settings > SSL Control
786
SonicOS 5.8.1 Administrator Guide
• Detect Weak Ciphers (<64 bits) – Controls the detection of SSL sessions negotiated with
symmetric ciphers less than 64 bits, commonly indicating export cipher usage.
• Detect MD5 Digest – Controls the detection of certificates that were created using an MD5
Hash.
• Configure Blacklist and Whitelist – Allows the administrator to define strings for matching
common names in SSL certificates. Entries are case-insensitive, and will be used in
pattern-matching fashion, for example:
To configure the Whitelist and Blacklist, click the Configure button to bring up the following
window.
Entry Will Match Will Not Match
sonicwall.com https://www.sonicwall.com,
https://
csm.demo.sonicwall.com,
https://mysonicwall.com,
https://
supersonicwall.computers.or
g, https://67.115.118.87
a
https://www.sonicwall.de
prox https://proxify.org, https://
www.proxify.org, https://
megaproxy.com, https://
1070652204
b
https://www.freeproxy.ru
c
a.67.115.118.67 is currently the IP address to which sslvpn.demo.sonicwall.com resolves, and that site uses a certificate issued to
sslvpn.demo.sonicwall.com. This will result in a match to “sonicwall.com” since matching occurs based on the common name
in the certificate.
b.This is the decimal notation for the IP address 63.208.219.44, whose certificate is issued to www.megaproxy.com.
c.www.freeproxy.ru will not match “prox” since the common name on the certificate that is currently presented by this site is a
self-signed certificate issued to “-“. This can, however, easily be blocked by enabling control of self-signed or Untrusted CA
certificates.