Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JeanChristophe
New Contributor

Disable TLS1.3 for SSL Deep Inspection

Hi Guys,

 

Running FortiOS v6.4.7, I noticed the following issue.

When trying to reach with any Browser I got a timeout.

If try to connect using 'openssl s_client -connect cdnjs.cloudflare.com:443 -tls1_3' the connection fails while when I connect using tls1_2 version it works correctly.

I'v also a wireshark trace taken from the firewall itself, where the negotiation with cloudflare fails.

 

Do you have any advice about how to handle this issue (I'm not keen to adding exclusion to the Deep Inspection Profile).

 

Thanks & Have a great day.

 

Jean-Christophe

1 REPLY 1
boneyard
Valued Contributor

flow mode or proxy mode?