- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient 5.2.3.370 : TLS v1.2 is Not Supported by OS
Hello
I updated my FortiClient today on my Mac with 10.8.5. When I try to log in using Remove Access I now get the above error message.
How do I correct?
Or can I download the older version ( 5.0.6) that worked fine with Remove Access.
Thanks
Tim
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears that MAC OS 10.9 and above will have OS and browser support for TLS v1.2.
https://discussions.apple.com/thread/5128209?start=0&tstart=0
http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.2
Option 1
To download FotiClient v5.0.6, login to support.fortinet.com and click "Download" -> "Firmware Images" -> Select "FortiClient" in the drop down list. Then browse to v5.0.6 FCT download.
Option 2
The default FortiGate configuration is as follows for the TLS negotiation on v5.2.2 of the FortiOS. If you would like to keep the latest FCT software installed you can disable TLSv1-2 in the CLI on the FortiGate and the max negotiation that will occur with the FCT will be v1.1.
config vpn ssl settings set tlsv1-0 enable set tlsv1-1 enable set tlsv1-2 enable end
Let me know if this helps.
Best Regards,
-Robin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears that MAC OS 10.9 and above will have OS and browser support for TLS v1.2.
https://discussions.apple.com/thread/5128209?start=0&tstart=0
http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.2
Option 1
To download FotiClient v5.0.6, login to support.fortinet.com and click "Download" -> "Firmware Images" -> Select "FortiClient" in the drop down list. Then browse to v5.0.6 FCT download.
Option 2
The default FortiGate configuration is as follows for the TLS negotiation on v5.2.2 of the FortiOS. If you would like to keep the latest FCT software installed you can disable TLSv1-2 in the CLI on the FortiGate and the max negotiation that will occur with the FCT will be v1.1.
config vpn ssl settings set tlsv1-0 enable set tlsv1-1 enable set tlsv1-2 enable end
Let me know if this helps.
Best Regards,
-Robin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As Robin mentioned, FortiClient 5.2.3 on Mac OS X 10.9 or 10.10 supports TLS 1.2.
In a future release of FortiClient (say, 5.2.4), FortiClient on Mac OS X 10.8 will use TLS 1.0 to establish connection, if the FortiGate enables it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I can confirm that the solution posted by Robin works perfectly...
Note that in the Forticlient 5.4 and OS X 10.8.x, the problem is the same but the error message is slightly different (just "Cannot connect to VPN server" in place of TLS v1.2 error...) but the Robin's solution works also ;)