Created on 10-29-2018 11:02 PM Edited on 07-31-2024 04:59 AM By Jean-Philippe_P
Description
This article describes how to control the SSL version and the Cipher Suites used in the SSL Handshake for the SSL VPN configured on FortiGate Firewalls.
Scope
The FortiGate unit supports multiple SSL Versions and cryptographic cipher suites to match the capabilities of various web browsers by default.
The web browser and the FortiGate negotiate a cipher suite before any information (for example, a username and password) is transmitted over the SSL link.
Solution
SSL Version and encryption key algorithms for SSL VPN can only be configured in the FortiGate CLI.
Use the following commands to change the SSL version for the SSL VPN on versions before 6.2:
config vpn ssl settings
set sslv3 {enable | disable} Enable/disable SSLv3.
set tlsv1-0 {enable | disable} Enable/disable TLSv1.0.
set tlsv1-1 {enable | disable} Enable/disable TLSv1.1.
set tlsv1-2 {enable | disable} Enable/disable TLSv1.2.
end
On 6.2 or above, it is recommended to set a minimum and a maximum protocol version instead of toggling individual versions:
config vpn ssl settings
set ssl-max-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
tls1-0 TLS version 1.0.
tls1-1 TLS version 1.1.
tls1-2 TLS version 1.2.
tls1-3 TLS version 1.3.
set ssl-min-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
tls1-0 TLS version 1.0.
tls1-1 TLS version 1.1.
tls1-2 TLS version 1.2.
tls1-3 TLS version 1.3.
end
Use the following commands to change the SSL Cipher Suite for the SSL VPN:
config vpn ssl settings
set banned-cipher {option} Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
RSA Ban the use of cipher suites using RSA key.
DH Ban the use of cipher suites using DH.
DHE Ban the use of cipher suites using authenticated ephemeral DH key agreement.
ECDH Ban the use of cipher suites using ECDH key exchange.
ECDHE Ban the use of cipher suites using authenticated ephemeral ECDH key agreement.
DSS Ban the use of cipher suites using DSS authentication.
ECDSA Ban the use of cipher suites using ECDSA authentication.
AES Ban the use of cipher suites using either 128 or 256 bit AES.
AESGCM Ban the use of cipher suites AES in Galois Counter Mode (GCM).
CAMELLIA Ban the use of cipher suites using either 128 or 256 bit CAMELLIA.
3DES Ban the use of cipher suites using triple DES.
SHA1 Ban the use of cipher suites using SHA1.
SHA256 Ban the use of cipher suites using SHA256.
SHA384 Ban the use of cipher suites using SHA384.
STATIC Ban the use of cipher suites using static keys.
Before FortiOS 5.4, the cipher suite setting is a single 'algorithm' level; depending on the release, the available values are either 'low, medium, high' or 'low, medium, default'.
Use the following CLI command:
config vpn ssl settings
set algorithm <cipher_suite>
end
where one of the following variables replaces <cipher_suite>:
low Use any cipher suite; AES, 3DES, RC4, or DES.
medium Use a 128-bit or greater cipher suite; AES, 3DES, or RC4.
high Use a cipher suite greater than 128 bits; AES or 3DES.
Or, on releases that use the default/high/low set:
default High and medium algorithms.
high High algorithms.
low All algorithms.
In newer versions (7.0.x), the TLS 1.3 cipher suites can also be selected explicitly. This option only applies when TLS 1.3 is in use:
config vpn ssl settings
set ciphersuite {option} Select one or more TLS 1.3 cipher suites that can be used in SSL-VPN negotiations.
TLS-AES-128-GCM-SHA256 Enable TLS-AES-128-GCM-SHA256 in TLS 1.3.
TLS-AES-256-GCM-SHA384 Enable TLS-AES-256-GCM-SHA384 in TLS 1.3.
TLS-CHACHA20-POLY1305-SHA256 Enable TLS-CHACHA20-POLY1305-SHA256 in TLS 1.3.
TLS-AES-128-CCM-SHA256 Enable TLS-AES-128-CCM-SHA256 in TLS 1.3.
TLS-AES-128-CCM-8-SHA256 Enable TLS-AES-128-CCM-8-SHA256 in TLS 1.3.
end
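The interaction between ssl-min-proto-ver/ssl-max-proto-ver, banned-cipher and ciphersuite is easier to reason about with a small model. The following script is an added example and is not Fortinet code: it holds a constructed catalogue of IANA-named TLS 1.2 suites and the five TLS 1.3 suites named above, applies the version range and the bans, and renders the matching config vpn ssl settings block. The meaning assigned to each banned-cipher keyword (for example, that STATIC covers RSA, DH and ECDH key exchange and that AES also covers the GCM suites) is an assumption drawn from the option descriptions in this article, not the firmware's actual matching logic, and the TLS 1.0/1.1 suite lists are simplified to the same set as TLS 1.2.

```python
"""Model of how FortiOS SSL VPN version and cipher settings narrow the offered
suites.  Added example, not Fortinet code; ban semantics are an assumption."""
from dataclasses import dataclass

TLS_VERSIONS = ["tls1-0", "tls1-1", "tls1-2", "tls1-3"]

# Constructed catalogue of IANA suite names for TLS 1.2 and below.
TLS12_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
# TLS 1.3 suites in FortiOS spelling, as accepted by 'set ciphersuite'.
TLS13_SUITES = [
    "TLS-AES-128-GCM-SHA256", "TLS-AES-256-GCM-SHA384",
    "TLS-CHACHA20-POLY1305-SHA256", "TLS-AES-128-CCM-SHA256",
    "TLS-AES-128-CCM-8-SHA256",
]


@dataclass
class Suite:
    name: str
    kx: str    # key exchange: RSA, DH, DHE, ECDH, ECDHE
    auth: str  # authentication: RSA, DSS, ECDSA
    enc: str   # bulk cipher: AES, AESGCM, CAMELLIA, 3DES
    mac: str   # MAC/PRF hash: SHA1, SHA256, SHA384


def parse_tls12(name: str) -> Suite:
    """Split an IANA name TLS_<KX>[_<AUTH>]_WITH_<ENC>_<MAC> into its parts."""
    head, tail = name[len("TLS_"):].split("_WITH_")
    parts = head.split("_")
    kx, auth = (parts[0], parts[0]) if len(parts) == 1 else (parts[0], parts[1])
    tokens = tail.split("_")
    mac = "SHA1" if tokens[-1] == "SHA" else tokens[-1]   # bare "SHA" is SHA-1
    body = "_".join(tokens[:-1])
    if body.startswith("AES"):
        enc = "AESGCM" if "GCM" in body else "AES"
    elif body.startswith("CAMELLIA"):
        enc = "CAMELLIA"
    elif body.startswith("3DES"):
        enc = "3DES"
    else:
        enc = body
    return Suite(name, kx, auth, enc, mac)


# Assumed meaning of each banned-cipher keyword (model, not firmware logic).
BAN_RULES = {
    "RSA":      lambda s: s.kx == "RSA" or s.auth == "RSA",
    "DH":       lambda s: s.kx == "DH",
    "DHE":      lambda s: s.kx == "DHE",
    "ECDH":     lambda s: s.kx == "ECDH",
    "ECDHE":    lambda s: s.kx == "ECDHE",
    "DSS":      lambda s: s.auth == "DSS",
    "ECDSA":    lambda s: s.auth == "ECDSA",
    "AES":      lambda s: s.enc in ("AES", "AESGCM"),
    "AESGCM":   lambda s: s.enc == "AESGCM",
    "CAMELLIA": lambda s: s.enc == "CAMELLIA",
    "3DES":     lambda s: s.enc == "3DES",
    "SHA1":     lambda s: s.mac == "SHA1",
    "SHA256":   lambda s: s.mac == "SHA256",
    "SHA384":   lambda s: s.mac == "SHA384",
    "STATIC":   lambda s: s.kx in ("RSA", "DH", "ECDH"),  # non-ephemeral
}


def offered_suites(min_ver, max_ver, banned=(), ciphersuite=None):
    """Suites the model FortiGate would still offer under the given settings."""
    lo, hi = TLS_VERSIONS.index(min_ver), TLS_VERSIONS.index(max_ver)
    if lo > hi:
        raise ValueError("ssl-min-proto-ver is above ssl-max-proto-ver")
    unknown = set(banned) - BAN_RULES.keys()
    if unknown:
        raise ValueError(f"unknown banned-cipher option(s): {sorted(unknown)}")
    out = []
    if lo <= TLS_VERSIONS.index("tls1-2"):       # some pre-1.3 version enabled
        for name in TLS12_SUITES:
            s = parse_tls12(name)
            if not any(BAN_RULES[b](s) for b in banned):
                out.append(name)
    if hi == TLS_VERSIONS.index("tls1-3"):       # TLS 1.3 enabled
        out.extend(c for c in TLS13_SUITES if ciphersuite is None or c in ciphersuite)
    return out


def render_cli(min_ver, max_ver, banned=(), ciphersuite=None) -> str:
    """Render the matching 'config vpn ssl settings' block (6.2+ syntax)."""
    lines = ["config vpn ssl settings",
             f"    set ssl-min-proto-ver {min_ver}",
             f"    set ssl-max-proto-ver {max_ver}"]
    if banned:
        lines.append("    set banned-cipher " + " ".join(banned))
    if ciphersuite:
        lines.append("    set ciphersuite " + " ".join(ciphersuite))
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    bans = ("SHA1", "3DES", "STATIC")
    print(render_cli("tls1-2", "tls1-3", bans))
    for suite in offered_suites("tls1-2", "tls1-3", bans):
        print("  offered:", suite)
```

Running the script with a minimum of tls1-2 and the SHA1, 3DES and STATIC bans leaves only the ephemeral AES suites with SHA-2 MACs plus the TLS 1.3 suites, which is the shape of policy most hardening guides aim for; changing the ban list and re-running shows exactly which suites each keyword removes before the change is committed on the firewall.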