Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
f2480126
New Contributor

SSL Deep Inspection Flow-based mode will not support TLS1.3

We encountered an issue where we needed to enable SSL protection on our internal web server to provide connections for external visitors. After enabling SSL protection, the browser displayed ERR_CONNECTION_RESET. When checking with openssl s_client -connect, we found that TLS1.3 was not supported, but TLS1.2 was supported. We also confirmed that the backend server originally supported TLS1.3, but when we switched the firewall mode to proxy mode, it could support TLS1.3 and the browser could access the website normally.

7 REPLIES 7
AEK
SuperUser
SuperUser

Which FOS version?

AEK
AEK
f2480126
New Contributor

7.2.10

srajeswaran
Staff
Staff

are you using a self signed certificate for the internal web server?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
f2480126

yes,My default web server will use a self-signed certificate, only the domain application uses a CA certificate.

f2480126

Hello, even if I change the server certificate to a CA certificate, the situation remains the same.

srajeswaran

Thanks for testing that. Can you open a ticket with our TAC to investigate further?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
f2480126

ok

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors