Hello,
we are using one of your FortiWeb products with 5.35 firmware in Reverse Proxy Mode. I have a few questions about this.
A few weeks ago an SSL vulnerability called Logjam was discovered. The researchers recommend generating a strong Diffie-Hellman group (2048-bit or more): https://weakdh.org/sysadmin.html. FortiWeb only supports 1024-bit. 1024 might be enough, but it is recommended to use more. In fact, we had an SSL Labs A rating. Now it is capped at B because of that.
Is there any way to generate a 2048-bit DHE group, or better 4096-bit? It would also be nice to have more control over that. Cloudflare only supports ECDHE, so they don't have these problems. Maybe you could integrate a function in future firmware versions to completely disable DHE and only enable ECDHE.
In general I would like to see more control over the SSL configuration in FortiWeb. The recommended SSL configuration for web servers is changing frequently nowadays. It is nearly impossible to keep up with the latest security recommendations when I don't have control over it.
Regards
http://www.fortiguard.com/advisory/FG-IR-15-013/
You've probably noticed how in FortiWeb 5.3 we are already adding more fine-grained controls for SSL/TLS. If you require Qualys ratings, please contact your sales channel to see if you need an NFR (new feature request).
Often, you don't need to configure any new options; just upgrade ASAP. Fortinet takes care of it under the hood. An RNG usage flaw or MiTM forced downgrade like FREAK or Logjam would be one such example. FortiWeb won't necessarily be vulnerable to those, anyway. (It wasn't vulnerable to FREAK and Heartbleed and others.)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
So what would be the best way to get rid of DH1024? How much control is there in 5.3 over this?
damiri, there are some basic controls over encryption strength in FortiWeb 5.3+. You'll find them in the server policies, under the advanced SSL options.
If you need individual cipher or bit strength control, please contact your sales channel to see if you need an NFR (new feature request).
So DH1024 can't be turned off or something like that?
A developer with full access to source code can add that level of fine-grained control. It may already be on the roadmap, but if you contact them, you can give your input. That way it will have the exact behaviour that you need.
That's why I recommend that if the current release does not do what you need, please contact your reseller or file an NFR with us.
Hello Damiri,
You can use the following to increase the DH key size:
config system global
    set dh-params 2048
end
This works on firmware version 5.36 or newer.
Regards,
Ondrej
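As an added example (not code from the thread or from Fortinet), here is a small Python audit script that parses the SSL Labs cipher-suite lines quoted above and the "Server Temp Key" line that `openssl s_client` prints after a handshake, and flags any finite-field DHE group below 2048 bits. It is the kind of check you would run before and after changing `dh-params` to confirm the device now negotiates a stronger group. All sample input is constructed: the three DHE lines are the ones from the thread with the spilled "128" strength column rejoined, the ECDHE line and the 1024-bit openssl line are made up for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimum finite-field DH modulus size the weakdh.org guidance recommends.
MIN_DH_BITS = 2048

# Constructed sample input: the three SSL Labs suite lines quoted in the
# thread (trailing "128" strength column rejoined to each line) plus one
# ECDHE suite in SSL Labs' format, made up here for contrast.
SSLLABS_SAMPLE = """\
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
"""

# Constructed sample of the key-exchange line `openssl s_client` prints after
# a DHE handshake; the 1024 value is made up to mirror the thread.
OPENSSL_SAMPLE = "Server Temp Key: DH, 1024 bits"

DH_RE = re.compile(
    r"^(TLS_\S+) \(0x[0-9a-fA-F]+\) DH (\d+) bits \(p: (\d+), g: \d+, Ys: \d+\)"
)
ECDH_RE = re.compile(
    r"^(TLS_\S+) \(0x[0-9a-fA-F]+\) ECDH (\S+) \(eq\. (\d+) bits RSA\)"
)
TEMP_KEY_RE = re.compile(
    r"Server Temp Key:\s*(DH|ECDH|X25519|X448),\s*(?:[^,]+,\s*)?(\d+) bits"
)


@dataclass
class Finding:
    suite: str
    kx: str    # "DH" (finite-field) or "ECDH"
    bits: int  # DH modulus size, or RSA-equivalent strength for ECDH
    weak: bool # True when a finite-field group is below MIN_DH_BITS


def audit_ssllabs(text: str, min_dh_bits: int = MIN_DH_BITS) -> List[Finding]:
    """Parse SSL Labs suite lines and flag Logjam-class DHE groups."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DH_RE.match(line)
        if m:
            suite, bits, p_bytes = m.group(1), int(m.group(2)), int(m.group(3))
            # The p: field is the modulus length in bytes; it must agree with
            # the advertised bit size, otherwise the line is malformed.
            if p_bytes * 8 != bits:
                raise ValueError(f"inconsistent DH size in line: {line}")
            findings.append(Finding(suite, "DH", bits, bits < min_dh_bits))
            continue
        m = ECDH_RE.match(line)
        if m:
            # ECDHE groups are not subject to the precomputation attack that
            # makes 1024-bit finite-field DH weak, so they are never flagged.
            findings.append(Finding(m.group(1), "ECDH", int(m.group(3)), False))
    return findings


def audit_openssl(output: str, min_dh_bits: int = MIN_DH_BITS) -> Optional[Tuple[str, int, bool]]:
    """Extract (kx, bits, weak) from openssl s_client's 'Server Temp Key' line."""
    m = TEMP_KEY_RE.search(output)
    if not m:
        return None
    kx, bits = m.group(1), int(m.group(2))
    return kx, bits, (kx == "DH" and bits < min_dh_bits)


def weak_suites(findings: List[Finding]) -> List[str]:
    """Names of suites whose DH group would cap an SSL Labs grade at B."""
    return [f.suite for f in findings if f.weak]


if __name__ == "__main__":
    for f in audit_ssllabs(SSLLABS_SAMPLE):
        print(f"{f.suite:45} {f.kx:5} {f.bits:5} {'WEAK' if f.weak else 'ok'}")
    print(audit_openssl(OPENSSL_SAMPLE))
```

In practice you would feed `audit_openssl` the output of `openssl s_client -connect host:443 -cipher DHE` captured before and after the `dh-params` change; if the reported group is still 1024 bits, the setting has not taken effect on that server policy.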