Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kartoffelbrei
New Contributor

Logjam, More control over Cipher Suites

Hello,

 

we are using one of your FortiWeb Products with 5.35 Firmware in Reverse Proxy Mode. I have a few questions to this.

 

A few weeks ago a SSL vulnerable called Logjam was discovered. The researches recommend to generate a strong Diffie Hellman Group (2048-bit and more) https://weakdh.org/sysadmin.html. FortiWeb only supports 1024-bit. 1024 might be enough, but it is recommend to use more. In fact, we had SSL Labs A-Rating. Now it is capped to B, because of that.

 

Is there any way to generate 2048 DHE group, better 4096? I would also be nice to have a more control over that. Cloudflare only supports ECDHE. So they don't have these problems. Maybe you could integrate a function in future firmware versions to completely disable DHE and only enable ECDHE.

 

In general I would like to see more control over the SSL Configuration in FortiWeb. The recommend SSL configuration for Webservers in changing frequently nowadays. It is nearly impossible to keep up with latest security recommendations, when I don't have control over it.

 

Regards

6 REPLIES 6
Courtney_Schwartz

http://www.fortiguard.com/advisory/FG-IR-15-013/

 

You've probably noticed how in FortiWeb 5.3 we are already adding more fine-grained controls for SSL/TLS.  If you require Qualys ratings, please contact your sales channel to see if you need an NFR (new feature request).

 

Often, you don't need to configure any new options; just upgrade ASAP. Fortinet takes care of it under-the-hood. An RNG usage flaw or MiTM forced downgrade like FREAK or Logjam would be one such example. FortiWeb won't necessarily be vulnerable to those, anyway. (It wasn't vulnerable to FREAK and Heartbleed and others.)

damiri
New Contributor

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK

128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK

128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS   WEAK

          128

 

so what would be best way to get rid of DH1024? How much of control is there in 5.3 over this?

Courtney_Schwartz

damiri, there are some basic controls over encryption strength in FortiWeb 5.3+. You'll find them in the server policies, under the advanced SSL options.

 

If you need individual cipher or bit strength control, please contact your sales channel to see if you need an NFR (new feature request).

damiri
New Contributor

So DH1024 can't be turned off or something like that?

Courtney_Schwartz

A developer with full access to source code can add that level of fine-grained control. It may already be on the roadmap, but if you contact them, you can give your input. That way it will have the exact behaviour that you need.

 

That's why I recommend that if the current release does not do what you need, please contact your reseller or file an NFR with us.

opetr_FTNT
Staff
Staff

Hello Damiri,

 

You can use following to increase the DH key size -

 

config system global   set dh-params 2048 end

 

This works on firmware version 5.36 or newer.

 

Regards,

Ondrej