thanks111
New Contributor

SSL VPN, webmode/forticlient SSL/TLS

Hi Guys,

Been stuck on an SSL VPN issue. Ran Wireshark tests and keep getting the below message:

TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake failure)

Btw, I am using a VM and using the default fortinet_Certificate one.

I have enabled TLS 1.0/1.1/1.2 from Internet Options. However, all the browsers keep saying:

192.168.1.100 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

FortigateVM # sh vpn ssl settings
config vpn ssl settings
    set tlsv1-0 enable
    set ssl-client-renegotiation enable
    set servercert "Fortinet_Factory"
    set login-attempt-limit 0
    set login-block-time 2
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set source-interface "port1"
    set source-address "all"
    set default-portal "full-access"
    config authentication-rule
        edit 1
            set groups "LDAP_SSL_VPN"
            set portal "full-access"
        next
    end
end

Any help/ideas would be much appreciated!

:)

1 REPLY 1
thanks111
New Contributor

[3081:root:359]SSL_accept failed, 1:no shared cipher

Did some debugging, guys, and got the issue below. I understand I need to change the algorithm to medium, but once I go into config VPN SSL SETTINGS I don't get the set algorithm option.

Firmware: v5.6.4 build1575 (GA)(VM)

config vpn ssl settings
    set algorithm Medium

FortigateVM # [3081:root:359]allocSSLConn:280 sconn 0x7f516b08a400 (0:root)
[3081:root:35a]allocSSLConn:280 sconn 0x7f516b08c800 (0:root)
[3081:root:359]SSL state:before SSL initialization (192.168.1.3)
[3081:root:359]SSL state:before SSL initialization (192.168.1.3)
[3081:root:359]SSL state:fatal handshake failure (192.168.1.3)
[3081:root:359]SSL state:error:(null)(192.168.1.3)
[3081:root:359]SSL_accept failed, 1:no shared cipher
[3081:root:359]Destroy sconn 0x7f516b08a400, connSize=1. (root)
[3081:root:35a]SSL state:before SSL initialization (192.168.1.3)
[3081:root:35a]SSL state:before SSL initialization (192.168.1.3)
[3081:root:35a]SSL state:fatal handshake failure (192.168.1.3)
[3081:root:35a]SSL state:error:(null)(192.168.1.3)
[3081:root:35a]SSL_accept failed, 1:no shared cipher
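
Added example, not part of the original posts and not Fortinet code: a small Python parser that groups SSL VPN debug lines like the ones pasted above by connection ID and reports each failed handshake with its client IP, state sequence and failure reason. The function names `summarize` and `failing_clients` are hypothetical, and the `[pid:vdom:conn-id]message` line shape is inferred from the pasted output.

```python
import re

# Constructed sample in the shape of the sslvpn debug output quoted in the thread.
SAMPLE = """\
FortigateVM # [3081:root:359]allocSSLConn:280 sconn 0x7f516b08a400 (0:root)
[3081:root:359]SSL state:before SSL initialization (192.168.1.3)
[3081:root:359]SSL state:before SSL initialization (192.168.1.3)
[3081:root:359]SSL state:fatal handshake failure (192.168.1.3)
[3081:root:359]SSL state:error:(null)(192.168.1.3)
[3081:root:359]SSL_accept failed, 1:no shared cipher
[3081:root:35a]SSL state:fatal handshake failure (192.168.1.3)
[3081:root:35a]SSL_accept failed, 1:no shared cipher
"""

# Assumed line shape: [pid:vdom:conn-id]message (a CLI prompt may precede it).
LINE = re.compile(r"\[(\d+):([^:\]]+):([0-9a-fA-F]+)\](.*)$")
STATE = re.compile(r"^SSL state:(.*?)\s*\((\d{1,3}(?:\.\d{1,3}){3})\)$")
FAIL = re.compile(r"^SSL_accept failed, \d+:(.*)$")

def summarize(text):
    """Group debug lines per connection; return one record per failed handshake."""
    conns = {}
    for raw in text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue  # blank line or unrelated console output
        pid, vdom, cid, msg = m.groups()
        c = conns.setdefault((pid, vdom, cid),
                             {"client": None, "states": [], "reason": None})
        s, f = STATE.match(msg), FAIL.match(msg)
        if s:
            c["client"] = s.group(2)
            if s.group(1) not in c["states"][-1:]:
                c["states"].append(s.group(1))  # collapse repeated state lines
        elif f:
            c["reason"] = f.group(1).strip()
    return [{"conn": k[2], "vdom": k[1], **v}
            for k, v in conns.items() if v["reason"]]

def failing_clients(text, reason="no shared cipher"):
    """Count failed handshakes per client IP for one failure reason."""
    counts = {}
    for rec in summarize(text):
        if rec["reason"] == reason:
            counts[rec["client"]] = counts.get(rec["client"], 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE), failing_clients(SAMPLE))
```

A client IP that repeatedly ends in "no shared cipher" points at a protocol or cipher-suite mismatch between that client and the SSL VPN settings rather than at authentication.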