For example, for TLS 1.2, I want to enable / use only these cipher suites, in this order / priority. Meaning that all other TLS 1.2 ciphers not in the list below will not be accepted / allowed. Is there any possible way to do so, and if so, how? If not, what would be the best / closest method of achieving something like this or similar? THANK YOU SO MUCH!!! I really appreciate any sort of help.
TLS1.2 Ciphers
1. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
2. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
3. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
4. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
5. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
6. TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
7. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
8. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
9. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
10. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
There are some ways to do it.
First you enable either strong ciphers or weak ciphers, and then you choose which one to use from the cipher suite:
FortiGate encryption algorithm cipher suites | FortiGate / FortiOS 7.0.0 | Fortinet Document Library
Enabling individual ciphers in the SSH administrative access protocol 7.0.2 | FortiGate / FortiOS 7....
Keep in mind that you have to do this for different services, like mgmt, sslvpn, ssl inspection.
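Added example, not part of the original thread or of Fortinet's documentation: after changing the cipher settings for a service, one way to confirm the result is to compare a scan of that service against the list from the question. It assumes text in the layout of nmap's `ssl-enum-ciphers` script output; the sample scan and the function names are constructed for illustration.

```python
import re

# The asker's TLS 1.2 allowlist, in the priority order given in the question.
POLICY = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]

# Constructed sample in the ssl-enum-ciphers layout; not captured from a real device.
SAMPLE_SCAN = """\
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
"""

def parse_tls12(scan_text):
    """Return (suites in listed order, preference string) for the TLSv1.2 block."""
    suites, pref, in_block = [], None, False
    for line in scan_text.splitlines():
        body = line.lstrip("| ").rstrip()
        if re.fullmatch(r"(SSLv\d|TLSv\d\.\d):", body):
            in_block = body == "TLSv1.2:"   # ignore other protocol versions
        elif in_block:
            m = re.match(r"(TLS_[A-Z0-9_]+)\b", body)
            if m:
                suites.append(m.group(1))
            elif body.startswith("cipher preference:"):
                pref = body.split(":", 1)[1].strip()
    return suites, pref

def audit(scan_text, policy=POLICY):
    """Compare what the service offers with the allowlist and its order."""
    offered, pref = parse_tls12(scan_text)
    rank = {s: i for i, s in enumerate(policy)}
    common = [s for s in offered if s in rank]
    return {
        "not_allowed": [s for s in offered if s not in rank],
        "missing": [s for s in policy if s not in offered],
        "order_ok": pref == "server" and common == sorted(common, key=rank.get),
    }
```

The order check is only meaningful when the scan reports server preference, since that is when the listed order reflects the server's priority. Run it once per service (management, SSL VPN, SSL inspection), because each is configured separately.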
You mean for FortiGate local traffic or for SSL inspection profile?
Thanks to all who helped. I think for now I am satisfied with the answers I have found.
Hi @trymeee
Thanks for the feedback.
Can you mark my answer as a solution so other guys that might require the same information have it easier to find this post?
Thanks
Copyright 2024 Fortinet, Inc. All Rights Reserved.