Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How can I force NetExtender connection to TLS 1.2

Hello all. We have an SMA400 connected to a Sonicwall nsa-2650 firewall. Remote users are all running one of the latest version of Win 10 Pro. On the SMA400 I set "Customize TLS version" to TLSv1.2 and I set "Ciphersuites" to Modern Capability. I also checked, "Enforce Forward Secrecy." On the firewall under "SSL Control" I set it to log events (not block them), and I checked all of the boxes for detecting certificate related issues. When some users connect via NetExtender, the firewall is reporting that they are using "Weak Ciphers" and are version SSLv2. So, why is this happening? What is driving the negotiations down? Shouldn't the settings I put in place on the SMA400 keep this from occurring?

Category: Secure Mobile Access Appliances
Reply

Best Answer

  • CORRECT ANSWER
    ab4okab4ok Newbie ✭
    Answer ✓

    UPDATE We were on firmware version 9.0.0.7-something, so I upgraded our SMA400 to the latest version, 10.2.0.1-something, and so far I have not seen any more "weak cipher" logs for our Netextender users.

Answers

  • NevyadithaNevyaditha Moderator

    @ab4ok ,

    Thanks for sharing the update and I am glad that updating the firmware took care of your issue.

    Nevyaditha P

    Technical Support Advisor, Premier Services

Sign In or Register to comment.