This article describes a known issue related to ML-KEM post-quantum TLS key exchange, which has recently become supported in the following browser versions:
This issue has been observed to occur when using Flow-based TLS Deep Inspection on the FortiGate along with the web browser versions mentioned above (including later versions). Proxy-based TLS Deep Inspection is not affected.
FortiGate.
When this issue occurs, users will find that certain websites will fail to load and will present an ERR_SSL_PROTOCOL_ERROR error message.
This issue is triggered by the addition of ML-KEM post-quantum TLS key exchange, which recently replaced X25519Kyber768 for hybrid post-quantum key exchange on Chrome-based browsers: A new path for Kyber on the web.
Some example websites that have been found to demonstrate the issue while using Google Chrome include:
Some websites like the Azure portal or the Microsoft SSO login page (login.microsoftonline.com) will not show this error. For example, the Azure portal will simply show the message 'Portal offline', whereas the Microsoft SSO login page will show a blank page.
For precise identification, obtain a packet capture of the relevant traffic and inspect the packets in Wireshark.
A ClientHello message generated by an application using ML-KEM will show it being offered, as shown in the following example:
ClientHello with ML-KEM offered
'Extension: supported_groups' and 'Extension: key_share' will contain group ID 0x11ec (hexadecimal) or 4588 (the same value in decimal notation).
Additionally, the packet capture will show a fatal TLS alert with description 'Illegal Parameter' as follows:
Note:
Future Wireshark versions may show the proper name of the ML-KEM group, once support is implemented. As of version 4.4.2, it is not implemented.
If these group IDs are found in the ClientHello then issues with flow-mode inspection are expected to happen. Use the following command to check the current version of IPS Engine running on the FortiGate, then compare against the list in the Long-Term Resolution section to see which version has resolved this issue:
diagnose autoupdate versions | grep 'Attack Engine' -A 7
Workarounds:
Any one of the following workarounds can be effective as a temporary solution to the issue:
Long-Term Resolution (as of 12/02/2024):
The problem is under active investigation as part of Known Issue #1097642. Fixes are being assessed as part of new IPS Engine builds for v7.0, v7.2, v7.4, and v7.6 at this time. According to development, the issue has been fixed starting with the following IPS Engine versions:
The following KB article can be used to perform a manual IPS Engine upgrade: Technical Tip: How to manually upgrade the IPS Engine.
Note:
The FortiGate will only auto-update the IPS Engine via FortiGuard if the flow-based inspection is being actively utilized. To satisfy this requirement, there must be at least one of the following configured on the FortiGate:
This ML-KEM issue specifically affects users with Flow-based Firewall Policies using SSL/TLS Deep Inspection enabled, so this requirement should already be satisfied for affected FortiGates.
Related articles:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.