SonicWALL TZ 190 User Manual

SonicOS Enhanced 4.0 Administrator Guide
SSL Control Configuration
SSL Control is located on the Firewall panel, under the SSL Control folder. SSL Control has a global setting, as well as a per-zone setting. By default, SSL Control is not enabled at the global or zone level. The individual page controls are as follows (refer to the Key Concepts for SSL Control section for more information on the terms used below).
  • Enable SSL Control – The global setting for SSL Control. This must be enabled for SSL Control applied to zones to be effective.
  • Log the event – If an SSL policy violation, as defined within the Configuration section below, is detected, the event will be logged, but the SSL connection will be allowed to continue.
  • Block the connection and log the event – In the event of a policy violation, the connection will be blocked and the event will be logged.
  • Enable Blacklist – Controls detection of the entries in the blacklist, as configured in the Configure Lists section below.
  • Enable Whitelist – Controls detection of the entries in the whitelist, as configured in the Configure Lists section below. Whitelisted entries will take precedence over all other SSL control settings.
  • Detect Expired Certificates – Controls detection of certificates whose start date is before the current system time, or whose end date is beyond the current system time. Date validation depends on the SonicWALL’s System Time. Make sure your System Time is set correctly, preferably synchronized with NTP, on the System > Time page.
  • Detect SSLv2 – Controls detection of SSLv2 exchanges. SSLv2 is known to be susceptible to cipher downgrade attacks because it does not perform integrity checking on the handshake. Best practices recommend using SSLv3 or TLS in its place.
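
As an added illustration (not SonicWALL code and not part of this guide), the Python sketch below shows what detecting an SSLv2 exchange can look like at the wire level: it classifies the first bytes a client sends as an SSLv2 CLIENT-HELLO, an SSLv2-format hello offering a newer version, or an SSLv3/TLS ClientHello. The function name `classify_client_hello`, its return labels and the sample byte strings are constructed for this example.

```python
import struct

def classify_client_hello(data: bytes) -> str:
    """Classify the first record a client sends on an SSL/TLS connection."""
    if len(data) < 11:
        return "unknown"
    if data[0] & 0x80:
        # SSLv2 record: 2-byte header, high bit set, 15-bit record length.
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        if data[2] != 0x01:  # message type 1 = CLIENT-HELLO
            return "unknown"
        major, minor = data[3], data[4]
        cipher_len, sid_len, chal_len = struct.unpack(">HHH", data[5:11])
        # The three length fields must account for the whole record, and
        # SSLv2 cipher specs are 3 bytes each; otherwise this is not a hello.
        if cipher_len % 3 or 9 + cipher_len + sid_len + chal_len != rec_len:
            return "unknown"
        if (major, minor) == (0, 2):
            return "sslv2"
        # SSLv2-format hello that offers a newer version. Reported separately:
        # the guide does not say how SonicOS treats this case.
        return f"sslv2-compat:{major}.{minor}"
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        # SSLv3/TLS handshake record carrying a ClientHello; bytes 9-10 hold
        # the client_version field.
        return f"ssl3/tls:{data[9]}.{data[10]}"
    return "unknown"

# Constructed sample inputs (not captured traffic).
SSLV2_HELLO = bytes.fromhex("801c010002000300000010010080") + bytes(16)
COMPAT_HELLO = bytes.fromhex("801c01030100030000001000002f") + bytes(16)
TLS_HELLO = (bytes.fromhex("160301002d010000290303") + bytes(32)
             + bytes.fromhex("000002002f0100"))

if __name__ == "__main__":
    for name, sample in [("sslv2", SSLV2_HELLO), ("compat", COMPAT_HELLO),
                         ("tls", TLS_HELLO), ("junk", b"GET / HTTP/1.1\r\n")]:
        print(name, "->", classify_client_hello(sample))
```
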