This article describes how to disable ciphers on FortiMail.
FortiMail uses the '# config system global' configuration by default. The admin users can modify the size of the Diffie-Helman prime, SSL versions (such as TLS1.0 TLS1.1 TLS1.2 TLS1.3), and strong encryption for SMTP and HTTP protocols. However, there is no permission to edit cipher suit there.
The expectation is that the weak cipher will be removed from the list.
The following configuration should be used:
While updating custom ciphers;
All ciphers used can be seen with the 'get' command:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.