Technical Tip: FortiGate compliance with BSI TR-02102-3 (2025-01)

alif · ‎09-23-2025

Description

This article describes the FortiGate compliance with BSI TR-02102-3 (2025-01).

Scope

FortiGate.

Solution

The following IKEv2 proposals running on FortiGate are considered compliant with the latest cryptographic recommendations outlined in the BSI Technical Guideline TR-02102-3: Cryptographic Mechanisms: Recommendations and Key Lengths, version 2025-01.

IANA Name	IANA Number	RFC	FortiGate Equivalent(s)
ENCR_DES_CBC			DES
			3DES	3DES_CBC
ENCR_AES_CBC	12	RFC 7296, RFC 3602	AES128	AES_CBC
ENCR_AES_CBC	12	RFC 7296, RFC 3602	AES192	AES_CBC
ENCR_AES_CBC	12	RFC 7296, RFC 3602	AES256	AES_CBC
ENCR_AES_GCM_16	20	RFC 5282, RFC 8247	AES128GCM	AES_GCM_16
ENCR_AES_GCM_16	20	RFC 5282, RFC 8247	AES256GCM	AES_GCM_16
ENCR_CHACHA20_POLY1305	28	RFC 7634	CHACHA20_POLY1305	CHACHA20_POLY1305

			MD5	AUTH_HMAC_MD5_96
			SHA1	AUTH_HMAC_SHA_96
AUTH_HMAC_SHA2_256_128	12	RFC 4868	SHA256	AUTH_HMAC_SHA2_256_128
AUTH_HMAC_SHA2_384_192	13	RFC 4868	SHA384	AUTH_HMAC_SHA2_384_192
AUTH_HMAC_SHA2_512_256	14	RFC 4868	SHA512	AUTH_HMAC_SHA2_512_256

PRF_HMAC_SHA			PRFSHA1	PRF_HMAC_SHA
PRF_HMAC_SHA2_256	5	RFC 4868	PRFSHA256	PRF_HMAC_SHA2_256
PRF_HMAC_SHA2_384	6	RFC 4868	PRFSHA384	PRF_HMAC_SHA2_384
PRF_HMAC_SHA2_512	7	RFC 4868	PRFSHA512	PRF_HMAC_SHA2_512

Related documents:

Technical Guideline TR-02102-1 -- Cryptographic Mechanisms: Recommendations and Key Lengths
Technical Guideline TR-02102-3 -- Cryptographic Mechanisms: Recommendations and Key Lengths

Technical Tip: FortiGate compliance with BSI TR-02102-3 (2025-01)

You are leaving our website