The unsupported SSL version option handles cases, where the TLS version is not supported by FortiGate. Since v6.4.3, if strong-crypto is enabled, TLS 1.0 is not supported. Due to this change, the following actions for unsupported TLS versions were added:

config firewall ssl-ssh-profile
    edit deep-inspection
        config https
            set ?
unsupported-ssl-version Action based on the SSL version used being unsupported.

set unsupported-ssl-version [allow* | block | inspect]
allow Bypass the session when the version is not supported.
block Block the session when the version is not supported.
inspect Inspect the session when the version is not supported.

For example, if allow action is configured, TLS 1.0 would bypass deep inspection and no certificate would be resigned in case of a deep inspection.

The min-allowed-ssl-version checks whether the minimum allowed TLS version is met. If in a ClientHello or a ServerHello, the minimum version condition is not met, the connection is blocked.