Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jakob-AHHG
Contributor II

FortiSwitch: Forbidden....Reason: Cannot perform Post-Handshake Authentication.

This Tech-Tip desribes how FortiSwitch OS up till 7.4.0, can have issues with TLS 1.3.

  1. This is still an issue with 7.4.2!
  2. How come, this is a problem with latest browser versions, like Chrome & Firefox?

 

Are FortiSwitches telling it supports TLS 1.3, but in reality, it dosen't?

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
1 Solution
hbac

@Jakob-AHHG,

 

As of now, we have no plan to change anything on switch side as it's a browser side issue. Safari is working fine. For Firefox, it is possible to fix it in 'about:config', and set 'security.tls.enable_post_handshake_auth' to 'true'.

 

Regards, 

View solution in original post

5 REPLIES 5
Jakob-AHHG
Contributor II

Note: This does not seem to be an issue on Mac OS X's Safari..  

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
hbac
Staff
Staff

Hi @Jakob-AHHG,

 

The article you provided is for FortiSwitch OS 7.4.0 or above which includes 7.4.2. Did you follow suggestions provided in the article?

 

Regards,  

Jakob-AHHG

Ahh, my bad!

Yeah, just did that on a switch.. but why would I like to not use TLS1.3 ?!?
If I had old browser, I could understand.. 

Please fix! I do not want to have to apply this security downgrade to 100 switches!

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
hbac

@Jakob-AHHG,

 

As of now, we have no plan to change anything on switch side as it's a browser side issue. Safari is working fine. For Firefox, it is possible to fix it in 'about:config', and set 'security.tls.enable_post_handshake_auth' to 'true'.

 

Regards, 

Jakob-AHHG

Well, if it ain't your bug to fix, than I'm happy with that - then we just need pressure on the browser developers.. ;) 

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors