Hello,
I discovered that starting from FortiClient 7.2.5, the 1st 'Client Hello' packet adds TLS 1.1 as a supported version, which causes a problem in establishing the VPN connection with the proxy (it seems the proxy disallows TLS 1.1 support).
This can be overcome by creating registry keys HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1
DisableByDefault = 1
Enabled = 0
However, this has no effect in Windows 10, as the format of the 1st 'Client Hello' is different from that of Windows 11 which does not carry the 'supported_versions' information.
Is there any method to make this work in a Windows 10 environment?
Thanks.
I would say that the proxy's behaviour should be fixed then.
The TLS version of a session is not established until both sides agree, so a middle-box blocking a session because it sees 1.1 mentioned in a ClientHello and interprets it as TLS 1.1 is factually wrong.
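The distinction made in the reply above, as an added example that is not part of the original thread: a ClientHello only lists the versions the client offers (the `legacy_version` field and, when present, the `supported_versions` extension), and the server chooses from them. The two sample records are constructed for illustration, and the function names are hypothetical.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 0x002B  # extension type defined in RFC 8446

def build_client_hello(versions):
    """Constructed sample record; versions=None leaves the extension out."""
    ext = b""
    if versions:
        vlist = b"".join(struct.pack("!H", v) for v in versions)
        body = bytes([len(vlist)]) + vlist
        ext = struct.pack("!HH", SUPPORTED_VERSIONS, len(body)) + body
    hello = (b"\x03\x03" + bytes(32) + b"\x00"    # legacy_version, random, empty session_id
             + b"\x00\x02\x13\x01" + b"\x01\x00"  # one cipher suite, null compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_versions(record):
    """Return (legacy_version, supported_versions list or None) for a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 9                                  # 5-byte record header + 4-byte handshake header
    legacy = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                            # legacy_version + random
    p += 1 + record[p]                     # session_id
    p += 2 + struct.unpack_from("!H", record, p)[0]  # cipher_suites
    p += 1 + record[p]                     # compression_methods
    if p + 2 > len(record):
        return legacy, None                # no extensions block at all
    end = p + 2 + struct.unpack_from("!H", record, p)[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, p)
        p += 4
        if etype == SUPPORTED_VERSIONS:
            n = record[p]
            return legacy, [struct.unpack_from("!H", record, p + 1 + i)[0]
                            for i in range(0, n, 2)]
        p += elen
    return legacy, None

def highest_offer(record):
    """Highest version the client offers; ignores unknown (e.g. GREASE) values."""
    legacy, versions = offered_versions(record)
    known = [v for v in (versions or []) if v in NAMES]
    return NAMES[max(known)] if known else NAMES[legacy]

with_ext = build_client_hello([0x0304, 0x0303, 0x0302])  # lists TLS 1.1 among others
without_ext = build_client_hello(None)                   # no supported_versions
```

Here `highest_offer(with_ext)` is TLS 1.3 even though TLS 1.1 appears in the list, so a filter that keys on the mere presence of 0x0302 misreads the offer.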
Created on 06-06-2025 05:15 PM Edited on 06-06-2025 05:16 PM
Thanks pminaril, agreed with your point.
However, altering the middle-box is not feasible at the moment. I just wonder what actually changed in FortiClient 7.2.5 and newer versions that created this symptom (the connection establishment stops at 10%).