We encountered an issue where we needed to enable SSL protection on our internal web server to provide connections for external visitors. After enabling SSL protection, the browser displayed ERR_CONNECTION_RESET. When checking with openssl s_client -connect, we found that TLS1.3 was not supported, but TLS1.2 was supported. We also confirmed that the backend server originally supported TLS1.3, but when we switched the firewall mode to proxy mode, it could support TLS1.3 and the browser could access the website normally.
Which FOS version?
7.2.10
are you using a self signed certificate for the internal web server?
Created on 01-14-2025 12:48 AM Edited on 01-14-2025 12:49 AM
yes,My default web server will use a self-signed certificate, only the domain application uses a CA certificate.
Hello, even if I change the server certificate to a CA certificate, the situation remains the same.
Thanks for testing that. Can you open a ticket with our TAC to investigate further?
ok
User | Count |
---|---|
1923 | |
1144 | |
769 | |
447 | |
279 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.