okhatab
Staff
October 16, 2024

Technical Tip: Reasons why RFC 7919 Comply cannot be enabled when SSLv3 or TLSv1.3 is selected


Description

This article describes why FortiADC does not allow RFC 7919 Comply to be enabled when SSLv3 or TLSv1.3 is selected under Allowed SSL Version in a Client SSL profile, and instead generates the error 'Client SSL RFC7919 Comply can not support TLS 1.3'.

Scope

FortiADC.

Solution

This is by design, because OpenSSL cannot support multi-keyshare options and FFDHE parameters in the TLS 1.3 handshake.

