Issue with TLS-settings

sklotz · ‎09-30-2021

Hi there,

we've installed a FortiProxy VM64 running 7.0.0 and we are facing issues with HTTPS connections.

WebGUI access via https is not possible and als web-proxy connection for https-websites are not working.

Both use-cases via http are working fine. So we assume this is a general TLS-settings problem.

In Wireshark, we see that after the Client Hello packet there is directly a RST-packet.

Is there some configuration required? Is this a FortiProxy related topic or might this also depend on special settings of the underlying VM host system (if so, which one)?

Do you have any idea here? Or any additional steps we can perform to better investigate this issue?

Which settings are interesting for you, so we can provide you our current settings (most of them should be default)?

Thank you!

Regards,

Stefan :)

ndumaj · ‎05-05-2023

Hi,

By default, Fortiproxy set the minimum support TLS version to 1.2
You may try to change under config system global:

config system global
set ssl-min-proto-version {SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

Additionally for ciphers:
set admin-https-ssl-banned-ciphers {option1}, {option2}, ...

PCAP should provide more evidence.

BR

- Happy to help, hit like and accept the solution -

abarushka · ‎05-05-2023

Hello Stefan,

I would like to double check whether your FortiProxy is running demo license or full license? Moreover, could you please clarify whether FortiProxy or client is sending RST packet?

FortiGate

stevediaz · ‎08-24-2023

The command given by @ndumaj is not working in my system!

Issue with TLS-settings

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website