Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ipranger
Contributor

Very very low Ciphers/Encryption on Forticlient 6.4.x for Android (IPSEC)

Hello all, 

 

i'am using here FortiOS7 with lates Forticlient for Android 6.4.6.0507.  IPSEC works, but the highest encryption level ist AES128 and  SHA-1. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

https://en.wikipedia.org/wiki/SHA-1

 

Can anyone tell me the reason for building a VPN client with almost the lowest encryption? That used to be safe many many years ago.

 

Very Thanks and best Regards

Fireon

 

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
3 REPLIES 3
emnoc
Esteemed Contributor III

Okay sha1 is not hackable. If you are using  pfs in your ipsec configuration your safe from any attacks. if in doubt run short IKE/IPSEC key-life but I would not personally be worried over sha1.   

 

Now yes FC6.4 still supports md5/sha1 "only" , why that is a business question to FTNT. Strongsan and greenbow are great alternative for ipsec-clients.

 

I think one of the reason mobile-devices are not using top-notch encryption is due to the size of the processors in the phone and the vendor don't not want to overburden these devices. Just my wild guess.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ipranger

Thank you for this information and your Recommendation in the other thread. This can be an solution. 

Fortigate 60E v7.x (GA)

Fortigate 60E v7.x (GA)
emnoc
Esteemed Contributor III

NP ,  I also throw in NCP in that other thread. It's very reliable. Actually all of them are very good. I will update some details on the blog and specifically with greenbow here in soon.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors