Staff

Technical Tip: How to test the supported SSL/TLS protocol version on FortiWeb Virtual IP

Forum|Forum|1 month ago
May 7, 2026
0 replies
21 views

Description

This article describes the steps to test the supported SSL/TLS protocol version on FortiWeb Virtual IP.

Scope

FortiWeb.

Solution

Prerequisite:

Using the open-source utility 'OpenSSL' to perform the test.

It is important to verify that the supported SSL/TLS protocol version is enabled on the website published to the Internet. SSL/TLS protocol versions SSLv3.0, TLSv1.0, and TLSv1.1 are deprecated, obsolete cryptographic protocols and should be disabled from the supported list.

The open-source utility command 'openssl' can be used to connect and test if the SSL/TLS protocol version is supported by the Virtual IP Address.

Command Sample:

Test TLS protocol version 1.0.

openssl s_client -connect <VIP>:443 -tls1

Test TLS protocol version 1.1.

openssl s_client -connect <VIP>:443 -tls1_1

Test TLS protocol version 1.2.

openssl s_client -connect <VIP>:443 -tls1_2

Test TLS protocol version 1.3.

openssl s_client -connect <VIP>:443 -tls1_3

Sample output:

Connected successfully (TLS1.0):

Connect failed (TLS1.0):

Connected successfully (TLS1.1):

Connect failed (TLS1.1):

Related Document:

Configuring an HTTP server policy

Supported cipher suites & protocol versions

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded