This article describes a known issue related to ML-KEM post-quantum TLS key exchange, which has recently become supported in the following browser versions:
This issue has been observed to occur when using Flow-based TLS Deep Inspection on the FortiGate along with the web browser versions mentioned above (including later versions). Proxy-based TLS Deep Inspection is not affected.
FortiGate.
When this issue occurs, users will find that certain websites will fail to load and will present an ERR_SSL_PROTOCOL_ERROR error message.
This issue is triggered by the addition of ML-KEM post-quantum TLS key exchange, which recently replaced X25519Kyber768 for hybrid post-quantum key exchange on Chrome-based browsers: https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html.
Some example websites that have been found to demonstrate the issue while using Google Chrome include:
Some websites like the Azure portal or the Microsoft SSO login page (login.microsoftonline.com) will not show this error. For example, the Azure portal will simply show the message 'Portal offline', whereas the Microsoft SSO login page will show a blank page.
For precise identification, obtain a packet capture of the relevant traffic and inspect the packets in Wireshark.
A ClientHello message generated by an application using ML-KEM will show it being offered, as shown in the following example:
'Extension: supported_groups' and 'Extension: key_share' will contain group ID 0x11ec (hexadecimal) or 4588 (the same value in decimal notation).
Note:
Future Wireshark versions may show the proper name of the ML-KEM group, once support is implemented. As of version 4.4.2, it is not implemented.
If these group IDs are found in the ClientHello then issues with flow-mode inspection are expected to happen. Use the following command to check the current version of IPS Engine running on the FortiGate, then compare against the list in the Long-Term Resolution section to see which version has resolved this issue:
diagnose autoupdate versions | grep 'Attack Engine' -A 7
Workarounds:
Any one of the following workarounds can be effective as a temporary solution to the issue:
Long-Term Resolution (as of 12/02/2024):
The problem is under active investigation as part of Known Issue #1097642. Fixes are being assessed as part of new IPS Engine builds for v7.0, v7.2, v7.4, and v7.6 at this time. The issue has been fixed on the following IPS Engine interim versions:
Currently, these IPS Engine versions are undergoing testing by Fortinet QA before they are officially released to the public (either via FortiGuard or bundled with FortiOS firmware releases). A ticket can be opened with Fortinet TAC to receive and test the above IPS Engine versions before their official rollout, and the following KB article can be used to perform a manual IPS Engine upgrade: Technical Tip: How to manually upgrade the IPS Engine
Note:
The FortiGate will only auto-update the IPS Engine via FortiGuard if some kind of flow-based inspection is being actively utilized. To satisfy this requirement, there must be at least one of the following configured on the FortiGate:
This ML-KEM issue specifically affects users with Flow-based Firewall Policies using SSL/TLS Deep Inspection enabled, so this requirement should already be satisfied for affected FortiGates.
Related articles:
Technical Tip: How to block TLS 1.3 Encrypted Client Hello (ECH) in FortiGate firewalls
Technical Tip: Web filter is not blocking websites on Google Chrome and Microsoft Edge
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.