Technical Tip: How to strengthen SSL ciphers in FortiOS

Description

This article explains how to strengthen SSL ciphers when using FortiOS.

Scope

FortiOS v4.0 and above.
FortiOS v4.0 MR3 and above for SSL offload and Wan Optimization.

Solution

To strengthen HTTPS access to the FortiGate connect to the CLI and run the following commands:

config system global set strong-crypto enable end

To strengthen SSL VPN ciphers run the following commands on the CLI:

config vpn ssl settings set sslv2 disable set sslv3 enable set algorithm high end

Use FortiOS v4.0 MR3 and above to run these commands for SSL offload and Wan Optimization.