Bognad
New Contributor

FortiGate-60E Low-Encryption Unable to Access FortiGate WebUI from HTTPS, HTTP only

Hello!

I have a FortiGate-60E Low-Encryption

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37333

 

I have an error:

This site can’t provide a secure connection

fortigate.local uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Unsupported protocol

The client and server don't support a common SSL protocol version or cipher suite.

I saw https://forum.fortinet.com/tm.aspx?m=104586

Does FortiGate-60E Low-Encryption support the HTTPS WebGUI?
2 Solutions
emnoc
Esteemed Contributor III

Guys, I'm sure the LENC models need a 40/56-bit browser, hence LENC support. You need to test with a 40-bit browser. Anything modern is NOT going to do 40/56-bit encryption.

 

Ken Felix

PCNSE NSE StrongSwan
Yurisk
Valued Contributor

Sounds like an exercise in frustration - you have to find a browser of the Windows XP SP2 era, but then all the HTML5/JavaScript stuff of the FortiGate GUI will not work, or will work only partially, with it.

So the short answer - no, with LENC you don't have HTTPS for management, just HTTP or SSH.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

13 Replies
Toshi_Esumi
Esteemed Contributor III

It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get something like below:

  fg50e-utm (global) # get | grep admin-https-ssl
  admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3

Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have a different way to do the settings, which you need to figure out for your browser.
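
The overlap check described above, and the 40/56-bit point made in the solutions, as an added example that is not part of the original posts: it lists the cipher strengths the local TLS stack would offer and tries one handshake per TLS version against the management address. The host name `fortigate.local` is taken from the error message in the question; port 443 and all function names are assumptions.

```python
import socket
import ssl

WEAK_BITS = 56  # the 40/56-bit cipher class discussed in this thread


def client_cipher_strengths(ctx=None):
    """Return (name, strength_bits) for every cipher this client would offer."""
    ctx = ctx or ssl.create_default_context()
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()]


def weak_ciphers_offered(ctx=None):
    """Ciphers of 56 bits or fewer that the local TLS stack would offer."""
    return [n for n, bits in client_cipher_strengths(ctx) if bits <= WEAK_BITS]


def probe(host, port=443, timeout=5.0):
    """Try one handshake per TLS version; report the result for each."""
    results = {}
    # Only TLS 1.2 and 1.3 are probed: many current OpenSSL builds refuse
    # to negotiate anything older on the client side.
    for ver in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Diagnostic only: the admin GUI usually presents a self-signed
        # certificate, and the question here is whether a handshake
        # completes at all, not whether the peer is trusted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ctx.maximum_version = ver
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[ver.name] = ("ok", tls.cipher())
        except ssl.SSLError as exc:      # e.g. a handshake failure alert
            results[ver.name] = ("tls-failure", exc.reason)
        except OSError as exc:           # refused, reset, timeout, DNS error
            results[ver.name] = ("socket-error", str(exc))
    return results


if __name__ == "__main__":
    print("weak ciphers offered by this client:", weak_ciphers_offered())
    for version, outcome in probe("fortigate.local").items():
        print(version, outcome)
```

An empty weak-cipher list together with a `tls-failure` result for every version means the client and the device have no cipher suite in common, which is the condition the browser reports as ERR_SSL_VERSION_OR_CIPHER_MISMATCH.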

Bognad

toshiesumi wrote:

It's saying "mismatch" between your client device and the FGT. It's NOT saying the FGT doesn't support the encryption level your device is requiring. Go to CLI under "config system global" then "get | grep admin-https-ssl". You should get something like below:

  fg50e-utm (global) # get | grep admin-https-ssl
  admin-https-ssl-versions: tlsv1-1 tlsv1-2 tlsv1-3

Then you need to make sure that the browser's supported TLS versions would overlap with them. Each browser would have a different way to do the settings, which you need to figure out for your browser.

Many thanks for the prompt reply!

I have tried different browsers; they support all TLS versions.

I have tried enabling all SSL options:

 

 

Toshi_Esumi
Esteemed Contributor III

I don't think so. You can check if it is LENC or not with one of the methods in the KB:

https://kb.fortinet.com/k....do?externalID=FD37333

Bognad

toshiesumi wrote:

I don't think so. You can check if it is LENC or not with one of the methods in the KB:

https://kb.fortinet.com/k....do?externalID=FD37333

Yes, I have LENC = Low Encryption.

Do LENC devices not have an HTTPS GUI?

Bognad
New Contributor

Unfortunately, I can attach one file...

I have tried different TLS versions: 1-2...:

Bognad
New Contributor

 

 

I think FortiGate has no cipher support (because it is the Low-Encryption version).

FortiGate's answer is "Handshake Failure":

 

 

Bognad
New Contributor

emnoc wrote:

Guys, I'm sure the LENC models need a 40/56-bit browser, hence LENC support. You need to test with a 40-bit browser. Anything modern is NOT going to do 40/56-bit encryption.

 

Ken Felix

 

Thank you!

But, 56-bit DES encryption is now obsolete, having been replaced as a standard in 2002. Firefox 1 supports 56-bit DES, but does not support WebGUI.

 
