SonicWALL E-Class NSA Series Product Notification

Critical Issue

SonicWall Notice Concerning SSLv3 MITM Vulnerability (CVE-2014-3566)

Researchers have disclosed a vulnerability (CVE-2014-3566) in SSLv3, version 3 of the SSL (Secure Sockets Layer) protocol, that exposes it to MITM (Man-in-the-Middle) attacks; the attack is known as POODLE (Padding Oracle On Downgraded Legacy Encryption). The vulnerability requires SSLv3 to be allowed and used by both the client and server. Note that SSLv3 has since been replaced by the newer TLS (Transport Layer Security) protocol versions TLSv1.0, TLSv1.1 and TLSv1.2. To remediate, either the client or server should be configured to use only TLSv1.0 or above.

Recommended Action: The easiest way to remediate the vulnerability is to disable SSLv3 on web browsers and servers. Read this Knowledge Base article to learn how to disable SSLv3 in popular web browsers. For information on disabling SSLv3 on web servers and other applications, refer to the appropriate product documentation.
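
To confirm that SSLv3 is really off after reconfiguring a server, the following added example (not SonicWall code) sends a ClientHello that offers only SSLv3 and classifies the reply. The function names, cipher-suite list and sample replies are constructed for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSLv3 version bytes as they appear on the wire
# Suites an SSLv3-era server would know: AES-CBC, 3DES-CBC, RC4 (SHA and MD5).
SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]

def build_client_hello() -> bytes:
    """Return one SSLv3 record holding a ClientHello that offers only SSLv3."""
    suites = b"".join(struct.pack(">H", s) for s in SUITES)
    body = (SSL3 + os.urandom(32)              # client_version, random
            + b"\x00"                          # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                     # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Interpret the first bytes the server sent back."""
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        # Handshake record carrying a ServerHello: check the version it chose.
        return "accepted" if data[9:11] == SSL3 else "inconclusive"
    if len(data) >= 7 and data[0] == 0x15:
        return "rejected"      # alert, e.g. handshake_failure or protocol_version
    return "inconclusive"      # connection closed, timeout or non-TLS reply

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the SSLv3-only hello to a server you administer and classify it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        try:
            while len(data) < 11:          # enough to reach server_version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass                           # silent server: inconclusive
    return classify_response(data)

# Constructed sample replies (not captured traffic).
SAMPLE_SERVER_HELLO = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(36)
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal handshake_failure

if __name__ == "__main__":
    print(classify_response(SAMPLE_SERVER_HELLO), classify_response(SAMPLE_ALERT))
```

A result of "accepted" means the server still negotiates SSLv3 and the remediation has not taken effect; "inconclusive" (for example, a server that simply closes the connection) should be confirmed with a second tool.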

SonicWall Next-Generation Firewall customers can protect their infrastructure by taking these actions:

• Use Application Control to block SSLv3 connections, following the instructions in this KB article.

• The SonicWall Threat Research Team has issued a signature to prevent SSL downgrade attacks related to the SSLv3 vulnerability, and this KB article details how to enable the IPS signature.

Recommendations for other SonicWall Solutions:

SonicWall SMB SRA

SMB SRA Firmware

All 7.5 versions prior to 7.5.0.10-29sv
All 7.0 and earlier versions prior to 7.0.1.1-5sv

Recommended Action

SSLv3 support has been removed in these releases:
Upgrade 7.5 to 7.5.0.12-31sv (or newer)
Upgrade 7.0 to 7.0.1.2-7sv (or newer)

SonicWall E-Class SRA

E-Class SRA/SMA

All versions prior to 11.1
All versions prior to 10.7.1

Recommended Action

Disable Aventail SSLVPN support for SSLv3 via the management console (see this Knowledge Base article for more information). Disable SSLv3 in the web browser used to access the web management console. SSLv3 support will be removed in subsequent releases.

SonicWall Email Security

Email Security

All versions prior to 7.4.8
All versions prior to 8.0.6

Recommended Action

SSLv3 support has been removed in these releases:
Upgrade to 7.4.8 (or newer)
Upgrade to 8.0.6 (or newer)