How can I improve the security of the SSL offload in Fortios 5.2?

Hi,

  I am trying improve the security of the SSL offload that is running our website.  Our web host is trying struggling to find the correct settings and so I thought I would ask here.  The firewall is an 80C running Fortios 5.2.5 SSLLabs has reported the following problems which I I would like to address:

Secure ClientInitiated Renegotiation Supported DoS DANGER

Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported

Forward Secrecy With some browsers

TLS 1.2 not enabled

I have looked through the ‘CLI Reference for FortiOS 5.2’ and found the ‘ssl-server’ secrtion on page 842 but this doesn’t cover everything, is there anywhere else that I should be looking?