Created on 01-04-2023 11:57 PM Edited on 01-04-2023 11:58 PM By Anthony_E
Description: This article describes how to prove, using Wireshark, that Transport Layer Security (TLS) version 1.1 is disabled for FortiGate administrative access.
Scope: FortiGate.
Solution:
Capture the packets, filtered on the source IP, while opening a connection to test TLS 1.1, using the command below:
# diagnose sniffer packet any "host <source ip> and port 443" 6 0
<source ip> is the IP address of the host that tries to connect to the FortiGate on service port TCP 443 (HTTPS).
After capturing the packet, convert the file into .pcap format and open using Wireshark.
It is possible to filter on the TLS version with the display filter 'tls.record.version == 0x0302' to observe the packets. For example, the SSL handshake initiated by the client offers TLSv1.1, but it is rejected with the description 'Handshake Failure', as shown in the screenshot below:
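The same check can be reproduced offline on the raw TCP payload of the two directions of the capture. The following Python is an added example and not part of the Fortinet article: it parses the TLS record layer (the field Wireshark shows as tls.record.version), reads the client_version from the ClientHello, and reports whether the FortiGate answered with a Handshake Failure alert or a ServerHello. All constants, function names and the sample records are constructed here.

```python
import struct

# TLS constants per RFC 4346; constructed for this example, not from the article.
CONTENT_ALERT, CONTENT_HANDSHAKE = 0x15, 0x16
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
ALERT_HANDSHAKE_FAILURE = 40
TLS11 = 0x0302
VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_records(data):
    """Yield (content_type, record_version, payload) for each TLS record in a byte stream.
    record_version is the 2-byte field Wireshark exposes as tls.record.version."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop rather than mis-parse
        yield ctype, version, payload
        off += 5 + length

def tls11_verdict(client_to_fgt, fgt_to_client):
    """Classify one TLS 1.1 probe of the admin interface from the two directions of the stream."""
    offered = None
    for ctype, _, payload in parse_records(client_to_fgt):
        if ctype == CONTENT_HANDSHAKE and payload and payload[0] == HS_CLIENT_HELLO:
            offered = struct.unpack("!H", payload[4:6])[0]  # client_version follows 4-byte handshake header
    if offered != TLS11:
        return "client did not offer TLS 1.1"
    for ctype, _, payload in parse_records(fgt_to_client):
        if ctype == CONTENT_ALERT and len(payload) >= 2 and payload[1] == ALERT_HANDSHAKE_FAILURE:
            return "TLS 1.1 rejected (Handshake Failure)"
        if ctype == CONTENT_HANDSHAKE and payload and payload[0] == HS_SERVER_HELLO:
            chosen = struct.unpack("!H", payload[4:6])[0]
            return "TLS 1.1 still accepted" if chosen == TLS11 else "negotiated " + VERSION_NAMES.get(chosen, hex(chosen))
    return "no handshake response from FortiGate"

def build_hello(hs_type, version):
    """Constructed minimal ClientHello/ServerHello record (one cipher suite, null compression)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += b"\x00\x02\x00\x2f\x01\x00" if hs_type == HS_CLIENT_HELLO else b"\x00\x2f\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE]) + struct.pack("!HH", version, len(hs)) + hs

# Constructed server reply: fatal (2) handshake_failure (40) alert carried in a TLS 1.1 record.
REJECT_ALERT = bytes([CONTENT_ALERT]) + struct.pack("!HH", TLS11, 2) + bytes([2, ALERT_HANDSHAKE_FAILURE])

if __name__ == "__main__":
    print(tls11_verdict(build_hello(HS_CLIENT_HELLO, TLS11), REJECT_ALERT))
    print(tls11_verdict(build_hello(HS_CLIENT_HELLO, TLS11), build_hello(HS_SERVER_HELLO, TLS11)))
```

On a real capture, feed the reassembled client-to-FortiGate and FortiGate-to-client TCP payloads (for example exported from Wireshark's Follow TCP Stream) into tls11_verdict.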
Copyright 2024 Fortinet, Inc. All Rights Reserved.