Description | This article describes how to control TLS1.2 cipher suites for HTTPS administrative access. |
Scope | FortiGate v7.2v and v7.4.1. |
Solution |
By default, when strong-crypto is enabled, the cipher suites are listed below:
To disable the following cipher suites and keep the GCM cipher suites (TLS1.2):
Use the following commands to keep the GCM cipher suites (TLS1.2):
config system global set admin-https-ssl-banned-ciphers SHA256 SHA384 end
After the changes, run the TLS scan and the following are the available cipher suites:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.