- Fortinet Forum
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- Customer Service
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Cipher suites offered by FortiGate
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
Description
Solution
| SSLv3:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (dh 256)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 1024)
| TLS_RSA_WITH_RC4_128_SHA (rsa 1024)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (dh 256)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 1024)
| TLS_RSA_WITH_RC4_128_SHA (rsa 1024)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.3
| ciphers
| TLS_AES_256_GCM_SHA384
| TLS_CHACHA20_POLY1305_SHA256
| TLS_AES_128_GCM_SHA256
The following cipher suites are offered by the FortiGate when 'strong-crypto' is ENABLED:
TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 128)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
TLSv1.3
| ciphers
| TLS_AES_256_GCM_SHA384
| TLS_CHACHA20_POLY1305_SHA256
| TLS_AES_128_GCM_SHA256
Cryptographic protocols SSLv3 and TLSv1.0 will not be offered by the FortiGate when 'strong-crypto' is enabled.
Cryptographic protocols TLSv1.1 and TLSv1.2 will be offered by the FortiGate when 'strong-crypto' is enabled.
This article shows the cipher suites offered by the FortiGate firewall when 'strong-crypto' is disabled and when it is enabled.
By default, the command 'strong-crypto' is in a disabled status. However, it is recommended to enable 'strong-crypto', this will enforce the FortiGate to use strong encryption and only allow strong ciphers.
By default, the command 'strong-crypto' is in a disabled status. However, it is recommended to enable 'strong-crypto', this will enforce the FortiGate to use strong encryption and only allow strong ciphers.
Solution
'strong-crypto' can only be enabled via the command line. SSH into the FortiGate via SSH client (For example Putty) and type in the commands:
# config system globalThe following cipher suites are offered by the FortiGate when 'strong-crypto' is DISABLED:
# set strong-crypto enable
# end
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (dh 256)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 1024)
| TLS_RSA_WITH_RC4_128_SHA (rsa 1024)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_RC4_128_SHA (dh 256)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 1024)
| TLS_RSA_WITH_RC4_128_SHA (rsa 1024)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_DES_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)
| TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048)
TLSv1.3
| ciphers
| TLS_AES_256_GCM_SHA384
| TLS_CHACHA20_POLY1305_SHA256
| TLS_AES_128_GCM_SHA256
The following cipher suites are offered by the FortiGate when 'strong-crypto' is ENABLED:
TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 128)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 128)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (dh 256)
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (dh 256)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 1024)
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048)
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
TLSv1.3
| ciphers
| TLS_AES_256_GCM_SHA384
| TLS_CHACHA20_POLY1305_SHA256
| TLS_AES_128_GCM_SHA256
Cryptographic protocols SSLv3 and TLSv1.0 will not be offered by the FortiGate when 'strong-crypto' is enabled.
Cryptographic protocols TLSv1.1 and TLSv1.2 will be offered by the FortiGate when 'strong-crypto' is enabled.
News & Articles
Security Research
Company
- Copyright 2021 Fortinet, Inc. All Rights Reserved.
- Terms of Service
- Privacy Policy
- GDPR