Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Disable SSL/TLS Diffie-Hellman Modulus <= 1024...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disable SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
We were doing some penentration tests on our systems and we found out that on our FortiGate 200D which has SSL VPN enabled it is susceptible to the LongJam attack.
In the SSL VPN Settings, the below values have been set:
set algorithm high set sslv2 disable set sslv3 disable
In the Global COnfig, the below settings have been set:
set strong-crypto enable
Yet, when we perform the test again, the below output is presented to us:
Vulnerable connection combinations : SSL/TLS version : TLSv1.1 Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.1 Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.1 Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.1 Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.1 Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.0 Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.0 Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.0 Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.0 Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources) SSL/TLS version : TLSv1.0 Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Diffie-Hellman MODP size (bits) : 1024 Warning - This is a known static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack. Logjam attack difficulty : Hard (would require nation-state resources)
Does anyone know how to disable the cipher in question or upgrade it to a 2048 bits?
Thank you in advance,
Thanasis
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
4 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try set ssl-dh-bits 2048 (see http://docs.fortinet.com/d/fortigate-cli-reference-pdf)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you kill off the sslvpn process and let it restart?
Also what version of fortiOS are you running? And are you 100% sure the server-certificate is a 1k or 2k bit key?
Something don't sound right. Even 4.0MR3 supports 2k bit keys by default.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not that it will help immediately, but I am working through this with a client as well as their scans are showing the same thing.
I tested a few of my client sites using weakdh.org and confirmed the =1024 bit issue. I have a test firewall on 5.4 Beta 3, and it passes with 2048 bit DH by default.
Now - if Fortinet would just give us a magic pill for 5.2.* I'd be happy.....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jaustgen wrote:The 5.2.5 upgrade did fix this. I had this escalated up to the executive level through my sales team. A formal response never came. I have tested 5.2.5 and they have fixed the default DH group by setting it to 14. It appears they were using group 5 before.Was there ever any resolution to this?
Network Engineer
Network Engineer
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try set ssl-dh-bits 2048 (see http://docs.fortinet.com/d/fortigate-cli-reference-pdf)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
denache wrote:Try set ssl-dh-bits 2048 (see http://docs.fortinet.com/d/fortigate-cli-reference-pdf)
Thank you for this!
Unfortunately it did not help...
It still comes up as the same vulnerability...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you kill off the sslvpn process and let it restart?
Also what version of fortiOS are you running? And are you 100% sure the server-certificate is a 1k or 2k bit key?
Something don't sound right. Even 4.0MR3 supports 2k bit keys by default.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc wrote:Did you kill off the sslvpn process and let it restart?
Also what version of fortiOS are you running? And are you 100% sure the server-certificate is a 1k or 2k bit key?
Something don't sound right. Even 4.0MR3 supports 2k bit keys by default.
Thank you for the swift reply!
I have restarted the process but it is still coming up in the scan....
The fortiOS version is: v5.2.3,build670 (GA) and the Certificate has a 2K bit key...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to http://kb.fortinet.com/kb/documentLink.do?externalID=FD36915 when you enable strong-crypto you should not see CAMELLIA cipher suite.
Maybe you didn't set ssl-dh-bits in config wanopt ssl-server or maybe in config firewall ssl setting
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
denache wrote:According to http://kb.fortinet.com/kb/documentLink.do?externalID=FD36915 when you enable strong-crypto you should not see CAMELLIA cipher suite.
Maybe you didn't set ssl-dh-bits in config wanopt ssl-server or maybe in config firewall ssl setting
I have set the ssl-dh-bits to 2048 and restarted the service on a previous step above but it did not help....
Issue and vulnerability still exists....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you run some diag against the https and sslvpn daemons
i.e
diag debug reset
diag debug en
diag debug application httpsd -1
diag debug application sslvpn -1
Some thing is wrong in the approach your taking. Concentrate on the last diag command
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have someone that is seeing the exact same thing. I escalated up through sales channels because support said "You will have to wait for 5.2.5" The super smarties who replied told me the same thing you were told.
config global settings
set strong-crypto enable
When that didn't work they said we had to regenerate the certs even though we are using a 2048 bit RSA sign cert. I also fail to see how the cert affects the supported cipher suites negotiated with the end points. I thought that was more a function of what version of SSL/TLS you were supporting.
I had the greatest hope for the following command
config firewall ssl setting
set ssl-dh-bits 2048
but that didn't seem to affect the sslvpn ssl process.
I too am at a loss and would love a real answer from someone about why our security appliance, that is running latest code, is failing a PCI audit. I will be running the debug commands suggested shortly. I hope the shed some light on this. Is there anything in particular I should be looking for?
debug output from a scan detecting the vulnerability
[118:root:994849]SSL state:before/accept initialization (141.212.120.165)
[118:root:994849]SSL state:SSLv3 read client hello A (141.212.120.165)
[118:root:994849]SSL state:SSLv3 write server hello A (141.212.120.165)
[118:root:994849]SSL state:SSLv3 write certificate A (141.212.120.165)
[117:root:994848]SSL state:before/accept initialization (141.212.120.165)
[117:root:994848]SSL state:fatal handshake failure (141.212.120.165)
SSL state:before/accept initialization (141.212.120.165)
[117:root:994848][116:root:994849]SSL state:SSLv3 read client hello A (141.212.120.165)
[117:root:994848][116:root:994849]SSL state:SSLv3 read client hello C:(null)(141.212.120.165)
SSL state:SSLv3 write server hello A (141.212.120.165)
[117:root:994848]SSL_accept failed, 1:no shared cipher
[117:root:994848]Destroy sconn 0x2a98c4f800, connSize=4.
[116:root:994849]SSL state:SSLv3 write certificate A (141.212.120.165)
[118:root:994849]SSL state:SSLv3 write key exchange A (141.212.120.165)
[118:root:994849]SSL state:SSLv3 write server done A (141.212.120.165)
[118:root:994849]SSL state:SSLv3 flush data (141.212.120.165)
[118:root:994849]SSL state:SSLv3 read client certificate A:system lib(141.212.120.165)
[118:root:994849][116:root:994849]SSL state:SSLv3 read client certificate A:system lib(141.212.120.165)
SSL state:SSLv3 write key exchange A (141.212.120.165)
[116:root:994849]SSL state:SSLv3 write server done A (141.212.120.165)
[116:root:994849]SSL state:SSLv3 flush data (141.212.120.165)
[116:root:994849]SSL state:SSLv3 read client certificate A:system lib(141.212.120.165)
[116:root:994849]SSL state:SSLv3 read client certificate A:system lib(141.212.120.165)
[118:root:994849]SSL state:fatal handshake failure (141.212.120.165)
[118:root:994849]SSL state:sslv3 alert handshake failure(141.212.120.165)
[118:root:994849]SSL_accept returned 0.
[118:root:994849]Destroy sconn 0x2a98c49000, connSize=4.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
but that didn't seem to affect the sslvpn ssl process.
I think that's for the ssl-explicit proxy btw.
So on the debug, the output shows the client connecting with sslvpn and negotiated . Was any details draft on the cert and such. Also if you pull the certificate from the Fortigate what does it show you on the key-size? I still believe you server-crt is a 1k bit certification or the wrong cert deployed or your mistaken on what you have installed.
I would double, and triple check by grabbing the serial# and reviewing what certificates you have installed.
e.g ( to see what you have )
diag hardware certificate
e.g (i.e checking goog-gmail for a example )
openssl s_client -connect www.gmail.com:443 | openssl x509 -dates -serial -noout -text | grep "RSA Public"
E.g ( see attached of the keysize from a download certificate from a FGT100D )
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,472 -
FortiClient
1,716 -
5.2
801 -
FortiManager
712 -
5.4
639 -
FortiAnalyzer
547 -
FortiSwitch
457 -
FortiAP
457 -
6.0
416 -
FortiClient EMS
407 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
222 -
FortiWeb
200 -
5.0
196 -
IPsec
186 -
FortiNAC
177 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
75 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
52 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
DNS
40 -
Routing
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1661 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.