Description | This article describes how to troubleshoot SSL-VPN issue with TLS Cipher Suites in Windows. |
Scope | SSL-VPN |
Solution |
When SSL-VPN issue are troubelshooted with TLS Cipher Suites in Windows first, it is necessary to check that TLS Cipher Suites are configured in FortiGate.
For example from FortiGate config SSL-VPN settings:
set ciphersuite TLS-CHACHA20-POLY1305-SHA256
From Microsoft info, it is possible to see that these Cipher Suites are not available in Windows 10: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v20h2
But are available in Windows 11: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-11
Recommendations: 1) Only Windows 11 is used with these Cipher Suites. 2) Other Cipher Suites are available in all FortiOS for configuration. |