FortiNAC
FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ethomollari
Staff
Description This article lists the SSH and TLS ciphers supported by FNAC appliances and explains how to retrieve them.
Scope FortiNAC 8.8.x, 9.x.
Solution

To retrieve the list of ciphers used by FortiNAC, run the nmap tool from a Linux host against the FortiNAC management IP.

To retrieve a list of supported SSH ciphers, run the following command in the CLI:

# nmap -p22 -n -sV --script ssh2-enum-algos 192.168.200.200

Starting Nmap 7.80 ( https://nmap.org ) at 2022-10-17 13:00 CEST
Nmap scan report for 192.168.200.200
Host is up (0.00030s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (10)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       sntrup761x25519-sha512@openssh.com
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group16-sha512
|       diffie-hellman-group18-sha512
|       diffie-hellman-group14-sha256
|   server_host_key_algorithms: (4)
|       rsa-sha2-512
|       rsa-sha2-256
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|   mac_algorithms: (10)
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

 

To retrieve a list of supported TLS/SSL ciphers, run the following command in the CLI:

# nmap --script ssl-enum-ciphers -p 8443 192.168.40.110

Starting Nmap 7.40 ( https://nmap.org ) at 2021-08-10 20:02 CEST
Stats: 0:00:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 100.00% done; ETC: 20:02 (0:00:00 remaining)
Nmap scan report for fnac-latest.forti.lab (192.168.40.110)
Host is up (0.000058s latency).
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A
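
To turn the two scan outputs above into an audit list, the following Python sketch groups the NSE output by section and reports entries that match a review policy. It is an added example, not part of the original article or of Fortinet tooling; the `REVIEW` table and the function names `parse` and `findings` are assumptions of this example, and the parser ignores indentation, so it accepts nmap's output with or without its leading spaces.

```python
import re

# Review policy: an assumption of this example, not Fortinet guidance.
REVIEW = {  # substring of an entry -> why it deserves a look
    "sha1": "SHA-1 based MAC",
    "umac-64": "64-bit MAC tag",
    "_CBC_": "CBC-mode TLS suite",
    "TLS_RSA_": "static RSA key exchange, no forward secrecy",
    "cipher preference: client": "server follows the client's cipher order",
}
LINE = re.compile(r"^\|_?\s*(.*\S)\s*$")              # "| item" or "|_ item"
HEADER = re.compile(r"^([\w.\-]+):(?:\s*\(\d+\))?$")  # "ciphers:", "mac_algorithms: (10)"

def parse(text):
    """Group ssh2-enum-algos / ssl-enum-ciphers output lines by section."""
    sections, current, proto = {}, None, ""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        body = m.group(1) if m else ""
        h = HEADER.match(body)
        if h and h.group(1).startswith(("TLSv", "SSLv")):
            proto, current = h.group(1), None         # protocol level holds no items
        elif h:                                       # per-protocol lists get a prefix
            current = (f"{proto}/" if h.group(1) in ("ciphers", "compressors") else "") + h.group(1)
            sections.setdefault(current, [])
        elif ": " in body:                            # "cipher preference: client"
            sections.setdefault(f"{proto}/settings", []).append(body)
        elif current and body:
            sections[current].append(body.split()[0]) # drop "(secp256r1) - A"
    return sections

def findings(text):
    """List (section, entry, reason) for every entry matching REVIEW."""
    return [(sec, entry, why) for sec, entries in parse(text).items()
            for entry in entries for needle, why in REVIEW.items() if needle in entry]

# Sample input: abridged from the two scan outputs shown in this article.
SAMPLE = """| ssh2-enum-algos:
| mac_algorithms: (10)
| hmac-sha1
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| cipher preference: client
|_ least strength: A"""

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

Feeding it the full saved output of both nmap commands (for example via `-oN`) gives one line per entry to review after a FortiNAC upgrade or configuration change.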