sklotz
Explorer
September 30, 2021
Question

Issue with TLS-settings


Hi there,

we've installed a FortiProxy VM64 running 7.0.0 and we are facing issues with HTTPS connections.

WebGUI access via https is not possible and also web-proxy connections for https-websites are not working.

Both use-cases via http are working fine. So we assume this is a general TLS-settings problem.

In Wireshark, we see that after the Client Hello packet there is directly a RST-packet.

Is there some configuration required? Is this a FortiProxy related topic or might this also depend on special settings of the underlying VM host system (if so, which one)?

Do you have any idea here? Or any additional steps we can perform to better investigate this issue?

Which settings are interesting for you, so we can provide you our current settings (most of them should be default)?

Thank you!

Regards,

Stefan :)

    3 replies

    ndumaj
    Staff
    May 5, 2023

    Hi,

    By default, FortiProxy sets the minimum supported TLS version to 1.2.
    You may try to change it under config system global:

    config system global
    set ssl-min-proto-version {SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
    end

    Additionally for ciphers:
    set admin-https-ssl-banned-ciphers {option1}, {option2}, ...

    PCAP should provide more evidence.

    BR
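
To check the TLS-version suggestion in the reply above against a capture, this added example (not from the thread or from Fortinet) parses a ClientHello record and reports whether its highest offered version meets a given `ssl-min-proto-version` value. The function names are hypothetical, the sample bytes are constructed, and it assumes the whole ClientHello sits in one TLS record.

```python
import struct

# Option names as listed for ssl-min-proto-version in the reply above.
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1-1",
         0x0303: "TLSv1-2", 0x0304: "TLSv1-3"}

def u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")

def parse_client_hello(rec: bytes) -> dict:
    """Parse one TLS record holding a complete ClientHello (hypothetical helper)."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record starting with a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    try:
        legacy = u16(body, 0)
        pos = 34                          # client_version (2) + random (32)
        pos += 1 + body[pos]              # session_id
        n = u16(body, pos); pos += 2
        ciphers = [u16(body, i) for i in range(pos, pos + n, 2)]
        pos += n
        pos += 1 + body[pos]              # compression methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    versions = [legacy]                   # used when no extension overrides it
    if pos + 2 <= len(body):              # extensions block is optional
        end = min(pos + 2 + u16(body, pos), len(body)); pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4]); pos += 4
            if etype == 43 and elen:      # supported_versions (TLS 1.3 clients)
                data = body[pos:pos + elen]
                versions = [u16(data, i) for i in range(1, 1 + data[0], 2)]
            pos += elen
    return {"legacy": legacy, "versions": versions, "ciphers": ciphers}

def highest_offered(hello: dict) -> int:
    # Ignore GREASE and unknown values; only named protocol versions count.
    return max((v for v in hello["versions"] if v in NAMES), default=0)

def meets_minimum(hello: dict, min_proto: str) -> bool:
    floor = {name: v for v, name in NAMES.items()}[min_proto]
    return highest_offered(hello) >= floor

# Constructed samples: a TLS 1.3-capable hello and a TLS 1.0-only hello.
MODERN = bytes.fromhex("160301003a" "01000036" "0303" + "00" * 32 + "00"
                       "0004" "1301c02f" "0100" "0009" "002b0005" "0403040303")
LEGACY = bytes.fromhex("160301002d" "01000029" "0301" + "00" * 32 + "00"
                       "0002" "002f" "0100")
```

Feed it the raw TLS record bytes of the ClientHello exported from the PCAP; a `False` from `meets_minimum` points at a version mismatch, while `True` means the reset has to be explained some other way.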

    abarushka
    Staff
    May 5, 2023

    Hello Stefan,

    I would like to double check whether your FortiProxy is running a demo license or a full license? Moreover, could you please clarify whether FortiProxy or the client is sending the RST packet?

    stevediaz
    New Member
    August 24, 2023

    The command given by @ndumaj is not working in my system!