1. Checking TLS Version Configuration: Execute the following command to view the current TLS version settings:

show full-configuration system web

config system web

    set gui-language browser

    set http-port 80

    set https-pki-required disable

    set https-port 443

    set https-server-cert "Fortinet_Factory"

    set https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3

end

The output will display the configured TLS versions, typically including tlsv1-1, tlsv1-2, and tlsv1-3.

2. Removing a Specific TLS Version:  To disable a particular TLS version, follow these steps:

config system web

    set https-ssl-versions tlsv1-<version> tlsv1-<version> <----- Replace <version> with the desired TLS version (e.g., tlsv1-1 or tlsv1-2). This command will remove the specified version from the allowed list.

Note:

It is generally recommended to maintain support for multiple TLS versions to ensure compatibility with various devices and services. However, if security concerns dictate the removal of a specific version, follow the steps outlined above.