Created on 11-01-2022 04:41 AM Edited on 01-11-2024 09:44 PM By Anthony_E
Description | This article lists the SSH algorithms and TLS ciphers supported by FNAC appliances and explains how to retrieve them. |
Scope | FortiNAC v8.8.x, v9.x. |
Solution |
To retrieve the list of algorithms and ciphers used by FortiNAC, run the nmap tool from a Linux host against the FortiNAC management IP address.
To retrieve a list of supported SSH algorithms, run the following command in the CLI:
# nmap -p22 -n -sV --script ssh2-enum-algos 192.168.200.200
Starting Nmap 7.80 ( https://nmap.org ) at 2022-10-17 13:00 CEST
Nmap scan report for 192.168.200.200
Host is up (0.00030s latency).
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (10)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       sntrup761x25519-sha512@openssh.com
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|       diffie-hellman-group14-sha256
|   server_host_key_algorithms: (4)
|       rsa-sha2-512
|       rsa-sha2-256
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|   mac_algorithms: (10)
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

This is broken down into the following algorithms by type:
Ciphers:
MACs:
To retrieve a list of supported TLS/SSL Ciphers, run the following command in the CLI:
# nmap --script ssl-enum-ciphers -p 8443 192.168.40.110
Starting Nmap 7.40 ( https://nmap.org ) at 2021-08-10 20:02 CEST
Stats: 0:00:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 100.00% done; ETC: 20:02 (0:00:00 remaining)
Nmap scan report for fnac-latest.forti.lab (192.168.40.110)
Host is up (0.000058s latency).
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A
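As an added example (not part of the original article and not Fortinet code), the following Python script parses ssh2-enum-algos output such as the SSH scan above into per-type lists and flags the entries that match a review policy. The POLICY patterns and the function names are assumptions for illustration, and SAMPLE is a trimmed excerpt of the output shown above.

```python
import re

# Excerpt of the ssh2-enum-algos output shown above, trimmed for brevity.
SAMPLE = """\
22/tcp open  ssh     OpenSSH 8.9 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (10)
|       curve25519-sha256
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|   mac_algorithms: (10)
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       hmac-sha1
|   compression_algorithms: (2)
|_      zlib@openssh.com
"""

# Assumed local review policy (not Fortinet guidance): regexes to flag per type.
POLICY = {
    "mac_algorithms": [r"^hmac-sha1", r"^hmac-md5", r"^umac-64"],
    "encryption_algorithms": [r"-cbc$", r"^arcfour"],
    "kex_algorithms": [r"-sha1$"],
}

def parse_enum_algos(text):
    """Return {type: [algorithm, ...]} from ssh2-enum-algos script output."""
    algos, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^\|[_ ]\s*(\S.*?)\s*$", line)
        if not m:
            continue  # port line, banner or blank line: not script output
        head = re.match(r"^(\w+): \(\d+\)$", m.group(1))
        if head:  # e.g. "mac_algorithms: (10)" opens a new list
            current = head.group(1)
            algos[current] = []
        elif current and not m.group(1).endswith(":"):
            algos[current].append(m.group(1))
    return algos

def audit(algos, policy=POLICY):
    """Return sorted (type, algorithm) pairs that match the review policy."""
    return sorted((kind, a) for kind, pats in policy.items()
                  for a in algos.get(kind, []) if any(re.search(p, a) for p in pats))

if __name__ == "__main__":
    for kind, algo in audit(parse_enum_algos(SAMPLE)):
        print(f"review {kind}: {algo}")
```

To check a live appliance, save the nmap output to a file and pass its contents to parse_enum_algos() in place of SAMPLE.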