Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
netwrkr
New Contributor

SSL/TLS Full Inspection - permissible cipher suites

Same setup as my last post --

 

Fortigate running with full SSL/TLS inspection.

 

How do we limit the cipher suites the Fortigate accepts from the web servers it connects to? 

 

In the current, default configuration, the Fortigate accepts quite a few undesirable combinations including:

 

DES, RC4, SHA, MD5.

 

Why would a security product, produced in the last decade, EVER allow the likes of DES? 

 

How do you change what the Fortigate accepts to a much stronger cipher suite?

 

Thanks.

Tom

 

PS.  If you want to check it yourself, turn on full SSL inpsection and head to https://howsmyssl.com

 

 

2 Solutions
AndreaSoliva
Contributor III

Hi all

 

as I was reading this post I was quit confiused because the direction goes to "how to prevent the FGT to use some cipher to access som webservers which support none secure ciphers etc. ". Special the use of strong-crypto was confiusing me because this direction is completly false from my point of view. This means if you use strong-crypto it influence as the CLI is mentioning:

 

Enable to use strong encryption and only allow

strong ciphers (AES, 3DES) and digest (SHA1) for

HTTPS/SSH admin access.

When strong encryption is enabled, HTTPS is

supported by the following web browsers: Netscape

7.2, Netscape 8.0, Firefox, and Microsoft Internet

Explorer 7.0 (beta).

Note that Microsoft Internet Explorer 5.0 and 6.0 are

not supported in strong encryption.

 

This means this options is HTTPS/SSH "ADMIN" based nothing else. This can be also tested:

 

Use cipherscan to a admin interface HTTPS (https://github.com/jvehent/cipherscan)

 

# /opt/scripts/cipherscan 198.18.0.1:8443       custom openssl not executable, falling back to system one from /bin/openssl       .................................       Target: 198.18.0.1:8443             prio  ciphersuite                  protocols        pfs                      curves       1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2          ECDH,prime256v1,256bits  prime256v1       2     ECDHE-RSA-AES256-SHA384      TLSv1.2          ECDH,prime256v1,256bits  prime256v1       3     ECDHE-RSA-AES256-SHA         TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1       4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2          DH,1024bits              None       5     DHE-RSA-AES256-SHA256        TLSv1.2          DH,1024bits              None       6     DHE-RSA-AES256-SHA           TLSv1.1,TLSv1.2  DH,1024bits              None       7     DHE-RSA-CAMELLIA256-SHA      TLSv1.1,TLSv1.2  DH,1024bits              None       8     AES256-GCM-SHA384            TLSv1.2          None                     None       9     AES256-SHA256                TLSv1.2          None                     None       10    AES256-SHA                   TLSv1.1,TLSv1.2  None                     None       11    CAMELLIA256-SHA              TLSv1.1,TLSv1.2  None                     None       12    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2          ECDH,prime256v1,256bits  prime256v1       13    ECDHE-RSA-AES128-SHA256      TLSv1.2          ECDH,prime256v1,256bits  prime256v1       14    ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1       15    DHE-RSA-AES128-GCM-SHA256    TLSv1.2          DH,1024bits              None       16    DHE-RSA-AES128-SHA256        TLSv1.2          DH,1024bits              None       17    DHE-RSA-AES128-SHA           TLSv1.1,TLSv1.2  DH,1024bits              None       18    ECDHE-RSA-DES-CBC3-SHA       TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1       19    DHE-RSA-SEED-SHA             TLSv1.1,TLSv1.2  DH,1024bits              None       20    DHE-RSA-CAMELLIA128-SHA      TLSv1.1,TLSv1.2  DH,1024bits              None       21    EDH-RSA-DES-CBC3-SHA         TLSv1.1,TLSv1.2  DH,1024bits              None       22    AES128-GCM-SHA256            TLSv1.2          None                     None       23    AES128-SHA256                TLSv1.2          None                     None       24    AES128-SHA                   TLSv1.1,TLSv1.2  None                     None       25    SEED-SHA                     TLSv1.1,TLSv1.2  None                     None       26    CAMELLIA128-SHA              TLSv1.1,TLSv1.2  None                     None       27    DES-CBC3-SHA                 TLSv1.1,TLSv1.2  None                     None       28    ECDHE-RSA-RC4-SHA            TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1       29    RC4-SHA                      TLSv1.1,TLSv1.2  None                     None       30    RC4-MD5                      TLSv1.1,TLSv1.2  None                     None       31    EDH-RSA-DES-CBC-SHA          TLSv1.1,TLSv1.2  DH,1024bits              None       32    DES-CBC-SHA                  TLSv1.1,TLSv1.2  None                     None             Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature       TLS ticket lifetime hint: 300       OCSP stapling: not supported       Cipher ordering: client

 

Allow only TLS 1.2:

 

       # config system global        # set admin-https-ssl-versions tlsv1-2        # end

 

Check again the config:

 

# /opt/scripts/cipherscan 198.18.0.1:8443        custom openssl not executable, falling back to system one from /bin/openssl        .................................        Target: 198.18.0.1:8443               prio  ciphersuite                  protocols  pfs                      curves        1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,prime256v1,256bits  prime256v1        2     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,prime256v1,256bits  prime256v1        3     ECDHE-RSA-AES256-SHA         TLSv1.2    ECDH,prime256v1,256bits  prime256v1        4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2    DH,1024bits              None        5     DHE-RSA-AES256-SHA256        TLSv1.2    DH,1024bits              None        6     DHE-RSA-AES256-SHA           TLSv1.2    DH,1024bits              None        7     DHE-RSA-CAMELLIA256-SHA      TLSv1.2    DH,1024bits              None        8     AES256-GCM-SHA384            TLSv1.2    None                     None        9     AES256-SHA256                TLSv1.2    None                     None        10    AES256-SHA                   TLSv1.2    None                     None        11    CAMELLIA256-SHA              TLSv1.2    None                     None        12    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,prime256v1,256bits  prime256v1        13    ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,prime256v1,256bits  prime256v1        14    ECDHE-RSA-AES128-SHA         TLSv1.2    ECDH,prime256v1,256bits  prime256v1        15    DHE-RSA-AES128-GCM-SHA256    TLSv1.2    DH,1024bits              None        16    DHE-RSA-AES128-SHA256        TLSv1.2    DH,1024bits              None        17    DHE-RSA-AES128-SHA           TLSv1.2    DH,1024bits              None        18    ECDHE-RSA-DES-CBC3-SHA       TLSv1.2    ECDH,prime256v1,256bits  prime256v1        19    DHE-RSA-SEED-SHA             TLSv1.2    DH,1024bits              None        20    DHE-RSA-CAMELLIA128-SHA      TLSv1.2    DH,1024bits              None        21    EDH-RSA-DES-CBC3-SHA         TLSv1.2    DH,1024bits              None        22    AES128-GCM-SHA256            TLSv1.2    None                     None        23    AES128-SHA256                TLSv1.2    None                     None        24    AES128-SHA                   TLSv1.2    None                     None        25    SEED-SHA                     TLSv1.2    None                     None        26    CAMELLIA128-SHA              TLSv1.2    None                     None        27    DES-CBC3-SHA                 TLSv1.2    None                     None        28    ECDHE-RSA-RC4-SHA            TLSv1.2    ECDH,prime256v1,256bits  prime256v1        29    RC4-SHA                      TLSv1.2    None                     None        30    RC4-MD5                      TLSv1.2    None                     None        31    EDH-RSA-DES-CBC-SHA          TLSv1.2    DH,1024bits              None        32    DES-CBC-SHA                  TLSv1.2    None                     None               Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature        TLS ticket lifetime hint: 300        OCSP stapling: not supported        Cipher ordering: client

 

Check if unsecure ciphers are supported even above is shown :)

 

# openssl s_client -connect 198.18.0.1:8443 -cipher "DES"        CONNECTED(00000003)        depth=1 C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com        verify error:num=19:self signed certificate in certificate chain        verify return:0        ---        Certificate chain         0 s:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiGate/CN=FG300C3913601712/emailAddress=support@fortinet.com           i:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com         1 s:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com           i:/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com        ---        Server certificate        -----BEGIN CERTIFICATE-----        MIIDRTCCAi2gAwIBAgIDC9W6MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYDVQQGEwJV        UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYD        VQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAw        DgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0        LmNvbTAeFw0xMzAzMDUwMjAyMzFaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQG        EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREw        DwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBG        RzMwMEMzOTEzNjAxNzEyMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0        LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvbxgu84VKi3SL78ZpAdB        5yaqOQfNf44KFwxFAqk94D8vjcNi0i0igSVdNZD80hRJUqbkVprgAaOPG4BvnadN        2LIB0S1ajvjJfOctdfstpiVYRU2W3i5sjqkoRLyn1Vy0olZ3MVQMZUP0saPqQPnF        vrBSwDJ/CJ31mMMyyIP+JncCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0B        AQUFAAOCAQEANb9WMN1Tedd+qvQuYvtjCJm5XEgWuQNG3LfSsHFU7ZB2Sjybj39/        cfzHZuFdUtib6QPO1AuOvWyXZwIK8bcx6eFxoq7Ox6rTJVgJkw9XxoUbC2s2Du/o        CtfPNc5cJJ/Xjlmufr3mNUT+26kG1RG1E8+QViTsRzwT/L9+SIX4KDvqUaZI+gqj        6VSgVD2EkUK2OtHS1CvtFsCbVpwBTmcKErjPcnUl1RyvWoBtMLDbHOc09r/joJoS        ruKoDlXKinkPMDeuazIR3JFYj40V3+OXXlSoc1H1DuXKKyZsZXFp9gKfoQXAllkO        qlBsAiyXAsieWQsQoiAyyAyNpp8zGgIKxA==        -----END CERTIFICATE-----        subject=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=FortiGate/CN=FG300C3913601712/emailAddress=support@fortinet.com        issuer=/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com        ---        No client certificate CA names sent        Server Temp Key: DH, 1024 bits        ---        SSL handshake has read 2394 bytes and written 271 bytes        ---        New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC-SHA        Server public key is 1024 bit        Secure Renegotiation IS supported        Compression: NONE        Expansion: NONE        SSL-Session:            Protocol  : TLSv1.2            Cipher    : EDH-RSA-DES-CBC-SHA            Session-ID: F4B05A8E17FE406186242860D92EC90B9FF09EE731FE2C9DC3CE3B0EB57D50DC            Session-ID-ctx:            Master-Key: 36EDD661CE7E6688395FF8FF1F76349A1E7054F62EE4D55590A24BB1C15B6FDF9EC3B3B92A7ECF3731424F4F5D9C3626            Key-Arg   : None            Krb5 Principal: None            PSK identity: None            PSK identity hint: None            Start Time: 1435042817            Timeout   : 300 (sec)            Verify return code: 19 (self signed certificate in certificate chain)        ---

 

Followin ciphers should be prevented to be used:

 

 aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA

 

To prevent enable strong-crypto:

 

       # config system global        # set strong-crypto enable        # end

 

 

Check config if config was successful:

 

       # /opt/scripts/cipherscan 198.18.0.1:8443        custom openssl not executable, falling back to system one from /bin/openssl        ................        Target: 198.18.0.1:8443               prio  ciphersuite                  protocols  pfs                      curves        1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,prime256v1,256bits  prime256v1        2     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,prime256v1,256bits  prime256v1        3     ECDHE-RSA-AES256-SHA         TLSv1.2    ECDH,prime256v1,256bits  prime256v1        4     DHE-RSA-AES256-SHA256        TLSv1.2    DH,1024bits              None        5     DHE-RSA-AES256-SHA           TLSv1.2    DH,1024bits              None        6     AES256-SHA256                TLSv1.2    None                     None        7     AES256-SHA                   TLSv1.2    None                     None        8     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,prime256v1,256bits  prime256v1        9     ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,prime256v1,256bits  prime256v1        10    ECDHE-RSA-AES128-SHA         TLSv1.2    ECDH,prime256v1,256bits  prime256v1        11    DHE-RSA-AES128-GCM-SHA256    TLSv1.2    DH,1024bits              None        12    DHE-RSA-AES128-SHA256        TLSv1.2    DH,1024bits              None        13    DHE-RSA-AES128-SHA           TLSv1.2    DH,1024bits              None        14    AES128-SHA256                TLSv1.2    None                     None        15    AES128-SHA                   TLSv1.2    None                     None               Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature        TLS ticket lifetime hint: 300        OCSP stapling: not supported        Cipher ordering: client

 

Check if as example DES is supported:

 

       # openssl s_client -connect 198.18.0.1:8443 -cipher "DES"        CONNECTED(00000003)        140357317728160:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:        ---        no peer certificate available        ---        No client certificate CA names sent        ---        SSL handshake has read 7 bytes and written 73 bytes        ---        New, (NONE), Cipher is (NONE)        Secure Renegotiation IS NOT supported        Compression: NONE        Expansion: NONE

 

Check all at once RC4 if unsecure are supported:

 

#  for i in `openssl ciphers -v 'RC4' | awk '{print $1}'`; do echo -ne "$i\t" ;   echo |  openssl s_client -connect [FQDN des Hosts oder IPv4]:443 -cipher "$i" 2>&1 | grep New; done             ECDHE-RSA-RC4-SHA New, (NONE), Cipher is (NONE)             ECDHE-ECDSA-RC4-SHA New, (NONE), Cipher is (NONE)             AECDH-RC4-SHA New, (NONE), Cipher is (NONE)             ADH-RC4-MD5 New, (NONE), Cipher is (NONE)             ECDH-RSA-RC4-SHA New, (NONE), Cipher is (NONE)             ECDH-ECDSA-RC4-SHA New, (NONE), Cipher is (NONE)             RC4-SHA New, (NONE), Cipher is (NONE)             RC4-MD5 New, (NONE), Cipher is (NONE)

 

 

If you want you can use the same for SSL-VPN which means:

 

Default is:

       sslv2               : disable        sslv3               : enable        tlsv1-0             : enable        tlsv1-1             : enable        tlsv1-2             : enable        algorithm           : default

 

Default uses following:

 

       # /opt/scripts/cipherscan 198.18.0.1:443            custom openssl not executable, falling back to system one from /bin/openssl        ...............................        Target: 198.18.0.1:443               prio  ciphersuite                  protocols                    pfs                      curves        1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,prime256v1,256bits  prime256v1        2     ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,prime256v1,256bits  prime256v1        3     ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1        4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                      DH,1024bits              None        5     DHE-RSA-AES256-SHA256        TLSv1.2                      DH,1024bits              None        6     DHE-RSA-AES256-SHA           SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        7     DHE-RSA-CAMELLIA256-SHA      SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        8     AES256-GCM-SHA384            TLSv1.2                      None                     None        9     AES256-SHA256                TLSv1.2                      None                     None        10    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        11    CAMELLIA256-SHA              SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        12    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,prime256v1,256bits  prime256v1        13    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,prime256v1,256bits  prime256v1        14    ECDHE-RSA-AES128-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1        15    DHE-RSA-AES128-GCM-SHA256    TLSv1.2                      DH,1024bits              None        16    DHE-RSA-AES128-SHA256        TLSv1.2                      DH,1024bits              None        17    DHE-RSA-AES128-SHA           SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        18    DHE-RSA-CAMELLIA128-SHA      SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        19    AES128-GCM-SHA256            TLSv1.2                      None                     None        20    AES128-SHA256                TLSv1.2                      None                     None        21    AES128-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        22    CAMELLIA128-SHA              SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        23    DHE-RSA-SEED-SHA             SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        24    SEED-SHA                     SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        25    ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1        26    RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        27    RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None        28    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,prime256v1,256bits  prime256v1        29    EDH-RSA-DES-CBC3-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  DH,1024bits              None        30    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2  None                     None              Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature        TLS ticket lifetime hint: 300        OCSP stapling: not supported        Cipher ordering: server

 

Disable everything except TLS 1.2 as go to high algorithm:

 

       # config vpn ssl settings        # set tlsv1-0 disable        # set tlsv1-1 disable        # set sslv3 disable        # set algorithm high        # end

 

Check again the config:

 

       # /opt/scripts/cipherscan 198.18.0.1:443        custom openssl not executable, falling back to system one from /bin/openssl        ..........................        Target: 198.18.0.1:443               prio  ciphersuite                  protocols  pfs                     curves        1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,secp384r1,384bits  secp384r1        2     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,secp384r1,384bits  secp384r1        3     ECDHE-RSA-AES256-SHA         TLSv1.2    ECDH,secp384r1,384bits  secp384r1        4     DHE-RSA-AES256-GCM-SHA384    TLSv1.2    DH,1024bits             None        5     DHE-RSA-AES256-SHA256        TLSv1.2    DH,1024bits             None        6     DHE-RSA-AES256-SHA           TLSv1.2    DH,1024bits             None        7     DHE-RSA-CAMELLIA256-SHA      TLSv1.2    DH,1024bits             None        8     AES256-GCM-SHA384            TLSv1.2    None                    None        9     AES256-SHA256                TLSv1.2    None                    None        10    AES256-SHA                   TLSv1.2    None                    None        11    CAMELLIA256-SHA              TLSv1.2    None                    None        12    ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,secp384r1,384bits  secp384r1        13    ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,secp384r1,384bits  secp384r1        14    ECDHE-RSA-AES128-SHA         TLSv1.2    ECDH,secp384r1,384bits  secp384r1        15    DHE-RSA-AES128-GCM-SHA256    TLSv1.2    DH,1024bits             None        16    DHE-RSA-AES128-SHA256        TLSv1.2    DH,1024bits             None        17    DHE-RSA-AES128-SHA           TLSv1.2    DH,1024bits             None        18    DHE-RSA-CAMELLIA128-SHA      TLSv1.2    DH,1024bits             None        19    AES128-GCM-SHA256            TLSv1.2    None                    None        20    AES128-SHA256                TLSv1.2    None                    None        21    AES128-SHA                   TLSv1.2    None                    None        22    CAMELLIA128-SHA              TLSv1.2    None                    None        23    ECDHE-RSA-DES-CBC3-SHA       TLSv1.2    ECDH,secp384r1,384bits  secp384r1        24    EDH-RSA-DES-CBC3-SHA         TLSv1.2    DH,1024bits             None        25    DES-CBC3-SHA                 TLSv1.2    None                    None               Certificate: UNTRUSTED, 1024 bit, sha1WithRSAEncryption signature        TLS ticket lifetime hint: 300        OCSP stapling: not supported        Cipher ordering: server

 

Use for more security not 1024 bit DH increase to higher value:

 

            # config firewall ssl settings             # set ssl-dh-bits [1024 | 1536 | 2048 | 768]             # end

 

Check if unsecure cipher are still supported:

 

       # openssl s_client -connect 198.18.0.1:443 -cipher "RC4"        CONNECTED(00000003)        140687385839520:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:        ---        no peer certificate available        ---        No client certificate CA names sent        ---        SSL handshake has read 7 bytes and written 73 bytes        ---        New, (NONE), Cipher is (NONE)        Secure Renegotiation IS NOT supported        Compression: NONE        Expansion: NONE        ---

 

Check at once if RC4 is supported:

 

            #  for i in `openssl ciphers -v 'RC4' | awk '{print $1}'`; do echo -ne "$i\t" ;   echo |  openssl s_client -connect [FQDN des Hosts oder IPv4]:443 -cipher "$i" 2>&1 | grep New; done             ECDHE-RSA-RC4-SHA New, (NONE), Cipher is (NONE)             ECDHE-ECDSA-RC4-SHA New, (NONE), Cipher is (NONE)             AECDH-RC4-SHA New, (NONE), Cipher is (NONE)             ADH-RC4-MD5 New, (NONE), Cipher is (NONE)             ECDH-RSA-RC4-SHA New, (NONE), Cipher is (NONE)             ECDH-ECDSA-RC4-SHA New, (NONE), Cipher is (NONE)             RC4-SHA New, (NONE), Cipher is (NONE)             RC4-MD5 New, (NONE), Cipher is (NONE)

 

From my point of view there is no configuration which tells the FortiGate in deep-inspection to not use some ciphers etc. This is from my point of view a config which you can full file over the Browser which means deactivating unter option TLS SSL etc. If a webserver is correct configured a fallback to a lower cipher should be not allow. Anyway as more as you increase the security with as an example TLS 1.2 only as with only some ciphers on a Server as more as you will have compatibility issues even it would be from security point of view correct.

 

Finally the option discussed here strong-crypto has nothing to do with the cipers or TLS SSL version the FortiGate uses to access a webserver etc. using deep-inspection. This options influence as the CLI documents the HTTPS SSH Admin access only.

 

hope this helps

 

have fun

 

Andrea

View solution in original post

emnoc
Esteemed Contributor III

Very good points & observations

 

Keep in mind, the  ciphers offered by the webserver is going to be the factor on what's selected and used.There's nothing you can do, that can steer or bypass that (except with a true proxy that conducts ssl inspections ....read more )

 

I don't think the  fortigate is going to stop a client that proxy thru from establishment to a web-site with a small-keys or weak ciphers. A true dedicate  forward proxy ( i.e cisco,  bluecoat , optenet, etc...) & that have SSL/TLS  security features is what's required. I think this is where the OP was hinting at & within these latest posts. The fortigate which is good, is not as secured or security cautious as a full on 3rd party proxy solution , who  has better SSL/TLS inspection and controls.

 

The FGT "SSL inspections" just checks basic security checks which are no or more less than your typical browser. Example a explict proxy might allow you to access a site with expired cert or revoke cert or sslv2 or be effected by sslv3 and poodle vulnerabilities.

 

You will need a proxy that has security feature that inspect and restrict the client from  using  ssl3 just for example, I don't think this is possible within the fortigate ( somebody can correct me if I'm wrong ). Poster networker has brought up 2 posts that should be on the minds of all that uses "just" a  fortigate and with attempts at security enforcement from a web-client.

 

Btw, I like that cipherscan script for cipher testing ;)

 

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
11 REPLIES 11
emnoc
Esteemed Contributor III

I 'll speak to my SSE teams and see what  they say, but I agreed PANW has it right  but than you are comparing a different beast than a fortigate ;)

 

The PAN series can also block by SSL neg protoocl sslv2 sslv3 TLS1.x etc.... so you have more control over web-clients access in/out and you have the luxury fail-open or close depending on if you exceed the SSL decryption limits . ( yes these appliance have a max sessions de-encryptions counts irrc )

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
seadave
Contributor III

@AndreaSoliva you must be some kind of uber genius to understand all of that.  Lots to learn from your excellent post.  It is frustrating that these type of "defaults" are not noted more prominently by Fortinet and it requires us sleuthing through the formums to find someone like @AndreaSoliva or @emnoc who are deeply versed in the product.

 

If you are trying to harden an IIS server, I have found a great little tool called IIS Crypto:

 

https://www.nartac.com/Products/IISCrypto

 

It allows you to see all of the Protocols, Ciphers, Hashes, and Exchanges that are enabled and the order of precedence for the various cipher suites.  Saves a lot of time from messing in the registry or running scripts.  So perhaps using this tool and the settings that @AndreaSoliva mentioned would do the trick.  I've used it for my 2008R2 OWA box and it works great.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors