Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jakob-AHHG
Contributor II

Created on ‎01-17-2024 07:06 AM Edited on ‎02-26-2024 03:34 AM By Community Manager

FortiSwitch: Forbidden....Reason: Cannot perform Post-Handshake Authentication.

This Tech-Tip desribes how FortiSwitch OS up till 7.4.0, can have issues with TLS 1.3.

  1. This is still an issue with 7.4.2!
  2. How come, this is a problem with latest browser versions, like Chrome & Firefox?

 

Are FortiSwitches telling it supports TLS 1.3, but in reality, it dosen't?

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Labels:
3245
0 Kudos
1 Solution
hbac
Staff
Staff
In response to Jakob-AHHG

Created on ‎01-18-2024 07:05 AM

@Jakob-AHHG,

 

As of now, we have no plan to change anything on switch side as it's a browser side issue. Safari is working fine. For Firefox, it is possible to fix it in 'about:config', and set 'security.tls.enable_post_handshake_auth' to 'true'.

 

Regards, 

View solution in original post

3185
5 REPLIES 5
Jakob-AHHG
Contributor II

Created on ‎01-18-2024 04:44 AM

Note: This does not seem to be an issue on Mac OS X's Safari..  

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
3216
0 Kudos
hbac
Staff
Staff

Created on ‎01-18-2024 06:06 AM

Hi @Jakob-AHHG,

 

The article you provided is for FortiSwitch OS 7.4.0 or above which includes 7.4.2. Did you follow suggestions provided in the article?

 

Regards,  

3203
Jakob-AHHG
Contributor II
In response to hbac

Created on ‎01-18-2024 06:11 AM

Ahh, my bad!

Yeah, just did that on a switch.. but why would I like to not use TLS1.3 ?!?
If I had old browser, I could understand.. 

Please fix! I do not want to have to apply this security downgrade to 100 switches!

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
3200
0 Kudos
hbac
Staff
Staff
In response to Jakob-AHHG

Created on ‎01-18-2024 07:05 AM

@Jakob-AHHG,

 

As of now, we have no plan to change anything on switch side as it's a browser side issue. Safari is working fine. For Firefox, it is possible to fix it in 'about:config', and set 'security.tls.enable_post_handshake_auth' to 'true'.

 

Regards, 

3186
Jakob-AHHG
Contributor II
In response to hbac

Created on ‎01-18-2024 07:08 AM

Well, if it ain't your bug to fix, than I'm happy with that - then we just need pressure on the browser developers.. ;) 

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
3183
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.