FortiSwitch
dwivedis
Staff
Article Id 340488
Description This article describes how to verify and modify the TLS (Transport Layer Security) version settings on a FortiSwitch.
Scope FortiSwitch.
Solution
  1. Checking TLS Version Configuration: Execute the following command to view the current TLS version settings:

 

show full-configuration system web

config system web
    set gui-language browser
    set http-port 80
    set https-pki-required disable
    set https-port 443
    set https-server-cert "Fortinet_Factory"
    set https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
end

 

The output will display the configured TLS versions, typically including tlsv1-1, tlsv1-2, and tlsv1-3.

  2. Removing a Specific TLS Version: To disable a particular TLS version, follow these steps:

 

config system web
    set https-ssl-versions tlsv1-<version> tlsv1-<version>
end

Replace each tlsv1-<version> with a TLS version that should remain enabled (e.g., tlsv1-1 or tlsv1-2). The command overwrites the allowed list, so any version left out of it is removed.

 

Note:

It is generally recommended to maintain support for multiple TLS versions to ensure compatibility with various devices and services. However, if security concerns dictate the removal of a specific version, follow the steps outlined above.
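
To confirm that the change took effect, the HTTPS GUI can be probed one TLS version at a time and the result compared with the `https-ssl-versions` line. The following Python script is an added example, not Fortinet code; the token-to-version mapping, the function names and the sample configuration are assumptions made for illustration.

```python
import socket
import ssl

# FortiSwitch CLI token -> Python TLS version (mapping assumed for this example)
TOKENS = {
    "tlsv1-1": ssl.TLSVersion.TLSv1_1,
    "tlsv1-2": ssl.TLSVersion.TLSv1_2,
    "tlsv1-3": ssl.TLSVersion.TLSv1_3,
}

# Constructed sample: "show full-configuration system web" after removing tlsv1-1
SAMPLE_SHOW_OUTPUT = """config system web
    set https-port 443
    set https-ssl-versions tlsv1-2 tlsv1-3
end"""

def configured_versions(show_output):
    """Return the tokens listed on the 'set https-ssl-versions' line."""
    for line in show_output.splitlines():
        words = line.split()
        if words[:2] == ["set", "https-ssl-versions"]:
            return set(words[2:])
    return set()

def probe(host, token, port=443, timeout=5.0):
    """True if the GUI completes a handshake pinned to exactly this version."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # factory certificate is not validated:
        ctx.verify_mode = ssl.CERT_NONE  # only the protocol version is tested
        ctx.minimum_version = TOKENS[token]
        ctx.maximum_version = TOKENS[token]
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):
        # Also reached when the local OpenSSL build or policy refuses the version
        return False

def drift(show_output, accepted):
    """Compare the configured tokens with those the GUI actually accepted."""
    wanted = configured_versions(show_output)
    return {"accepted_but_not_configured": sorted(accepted - wanted),
            "configured_but_not_accepted": sorted(wanted - accepted)}

def check_switch(host, show_output, port=443):
    """Probe every known version on the switch and report any mismatch."""
    accepted = {t for t in TOKENS if probe(host, t, port)}
    return drift(show_output, accepted)
```

Call `check_switch()` with the switch's management address and the pasted `show` output; both lists come back empty when the GUI matches the configuration. A failed tlsv1-1 probe can also mean the local OpenSSL policy blocks that version, so confirm it from a second client before treating the version as disabled on the switch.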
