Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
thanks111
New Contributor

Created on ‎09-26-2018 04:16 AM

SSL VPN, webmode/forticlient SSL/TLS

Hi Guys,

 

Been stuck at SSL VPN issue. Ran wireshark tess and keep getting below message:

 

TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake failure)

 

Btw I am using VM and using fortinet_Certificate default one

 

I have enabled TLS 1.0/1.1/1.2 from internet options. however all the browsers keep saying: 

 

192.168.1.100 uses an unsupported protocol.

 

ERR_SSL_VERSION_OR_CIPHER_MISMATCH   Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.

 

FortigateVM # sh vpn ssl settings 

config vpn ssl settings

    set tlsv1-0 enable

    set ssl-client-renegotiation enable

    set servercert "Fortinet_Factory"

    set login-attempt-limit 0

    set login-block-time 2

    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"

    set source-interface "port1"

    set source-address "all"

    set default-portal "full-access"

    config authentication-rule

        edit 1

            set groups "LDAP_SSL_VPN"

            set portal "full-access"

        next

    end

end

 

 

Any help/ideas would be much appriciated!

 

:)

FortigateVM # sh vpn ssl settings 
config vpn ssl settings
    set tlsv1-0 enable
    set ssl-client-renegotiation enable
    set servercert "Fortinet_Factory"
    set login-attempt-limit 0
    set login-block-time 2
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set source-interface "port1"
    set source-address "all"
    set default-portal "full-access"
    config authentication-rule
        edit 1
            set groups "LDAP_SSL_VPN"
            set portal "full-access"
        next
    end
end
9571
0 Kudos
1 REPLY 1
thanks111
New Contributor

Created on ‎09-26-2018 06:29 AM

[3081:root:359]SSL_accept failed, 1:no shared cipher

did some debugging guys and got the issue below I understand I need to change algorithm to medium but once i go in the config VPN SSL SETTINGS i dont get Set algorithm option. Firmware//v5.6.4 build1575 (GA)(VM) config vpn ssl settings set algorithm Medium

 

 

FortigateVM # [3081:root:359]allocSSLConn:280 sconn 0x7f516b08a400 (0:root)

[3081:root:35a]allocSSLConn:280 sconn 0x7f516b08c800 (0:root)

[3081:root:359]SSL state:before SSL initialization (192.168.1.3)

[3081:root:359]SSL state:before SSL initialization (192.168.1.3)

[3081:root:359]SSL state:fatal handshake failure (192.168.1.3)

[3081:root:359]SSL state:error:(null)(192.168.1.3)

[3081:root:359]SSL_accept failed, 1:no shared cipher

[3081:root:359]Destroy sconn 0x7f516b08a400, connSize=1. (root)

[3081:root:35a]SSL state:before SSL initialization (192.168.1.3)

[3081:root:35a]SSL state:before SSL initialization (192.168.1.3)

[3081:root:35a]SSL state:fatal handshake failure (192.168.1.3)

[3081:root:35a]SSL state:error:(null)(192.168.1.3)

[3081:root:35a]SSL_accept failed, 1:no shared cipher

2612
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.