SonicWALL TZ 180 Humidifier User Manual


 
Firewall > SSL Control
SonicOS Enhanced 4.0 Administrator Guide
Detect Self-signed certificates – Controls the detection of certificates where both the
issuer and the subject have the same common name.
Detect Certificates signed by an Untrusted CA – Controls the detection of certificates
where the issuer’s certificate is not in the SonicWALL’s System > Certificates trusted
store.
Detect Weak Ciphers (<64 bits) – Controls the detection of SSL sessions negotiated with
symmetric ciphers less than 64 bits, commonly indicating export cipher usage.
Configure Blacklist and Whitelist – Allows the administrator to define strings for matching
common names in SSL certificates. Entries are case-insensitive and are used in
pattern-matching fashion, for example:
Entry           Will Match                               Will Not Match
sonicwall.com   https://www.sonicwall.com,               https://www.sonicwall.de
                https://csm.demo.sonicwall.com,
                https://mysonicwall.com,
                https://supersonicwall.computers.org,
                https://67.115.118.87 (a)
prox            https://proxify.org,                     https://www.freeproxy.ru (c)
                https://www.proxify.org,
                https://megaproxy.com,
                https://1070652204 (b)

a. 67.115.118.67 is currently the IP address to which sslvpn.demo.sonicwall.com resolves, and that site uses a certificate issued to
sslvpn.demo.sonicwall.com. This results in a match to “sonicwall.com” because matching is based on the common name
in the certificate.
b. This is the decimal notation for the IP address 63.208.219.44, whose certificate is issued to www.megaproxy.com.
c. www.freeproxy.ru will not match “prox” because the certificate currently presented by this site is a
self-signed certificate issued to “-”. This can, however, easily be blocked by enabling control of self-signed or Untrusted CA
certificates.
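
The table and footnotes above can be reproduced with a small model of the matching rule. This is an added example, not SonicOS code: it assumes entries are compared as case-insensitive substrings of the certificate's common name, that certificates for the hostname rows carry the hostname as CN, and it uses a made-up issuer name ("Example CA").

```python
import ipaddress

# Constructed sample data: (URL as typed, subject CN, issuer CN).
# CNs for the IP-literal and freeproxy rows come from the page's footnotes;
# the other rows assume the certificate CN equals the hostname, and
# "Example CA" is a made-up issuer name.
SESSIONS = [
    ("https://www.sonicwall.com", "www.sonicwall.com", "Example CA"),
    ("https://supersonicwall.computers.org", "supersonicwall.computers.org", "Example CA"),
    ("https://67.115.118.87", "sslvpn.demo.sonicwall.com", "Example CA"),
    ("https://www.sonicwall.de", "www.sonicwall.de", "Example CA"),
    ("https://1070652204", "www.megaproxy.com", "Example CA"),
    ("https://www.freeproxy.ru", "-", "-"),
]

def cn_matches(entry, subject_cn):
    """Case-insensitive substring match against the certificate CN (assumed rule)."""
    return entry.lower() in subject_cn.lower()

def is_self_signed(subject_cn, issuer_cn):
    """The guide's definition: issuer and subject have the same common name."""
    return subject_cn == issuer_cn

def decimal_host_to_ip(host):
    """Convert decimal notation such as 1070652204 to dotted-quad form."""
    return str(ipaddress.IPv4Address(int(host)))

def evaluate(entries, sessions, detect_self_signed=False):
    """Return {url: reason} for each session the modeled checks would flag."""
    flagged = {}
    for url, subject_cn, issuer_cn in sessions:
        # The URL is never inspected: only the certificate's CN is compared.
        hit = next((e for e in entries if cn_matches(e, subject_cn)), None)
        if hit is not None:
            flagged[url] = f"blacklist:{hit}"
        elif detect_self_signed and is_self_signed(subject_cn, issuer_cn):
            flagged[url] = "self-signed"
    return flagged

if __name__ == "__main__":
    for url, reason in evaluate(["sonicwall.com", "prox"], SESSIONS, True).items():
        print(f"{url:40} {reason}")
    print(decimal_host_to_ip("1070652204"))
```

Running it shows the practical consequence of CN-based matching: an IP-literal URL is still caught when the certificate names a listed domain, while a site presenting a “-” certificate slips past the blacklist and is only caught by the self-signed check.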