Dear Team,
One of our server team has report they are not able to access website - like abc.com using curl command.
Earlier server team used to access this website using tls 1.2 now they have changed from 1.2 to 1.3 tls version.
after changing tls 1.3 they are facing error like ssl handshake error when they try to access website using curl command.
So my query is do we have to enable TLS 1.3 at Fortigate firewall or not.
Please refer the diagram for example.
I would apricate your response.
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Umesh
Hello @Umesh ,
If abc.com doesn't support TLS 1.3 you can't access with TLS 1.3 to that website. You can learn the supported TLS version of the remote website with this tool.
https://www.ssllabs.com/ssltest/
Normally, you don't need to change anything on FortiGate.
Do we have to change at firewall TLS 1.3 , If server team has changed TLS 1.3 at server.
Note - we are not using SSL VPN and no SSL certificates at firewall.
Hello @Umesh ,
As per your scenario, no need to make any changes to FortiGate. Did you test the remote web site for this tool as I mentioned?
https://www.ssllabs.com/ssltest/
Yes, I have checked.
abc.com - using TLS 1.2 and TLS 1.3 both.
Hi,
- What is the error being observed?
- Is it seen for a specific website? If its a public website can you provide the URL?
- Which state of the SSL handshake is having issue? Packet capture can help here?
- Are you using SSL Inspection in the Policy?
- Is the Kyber key exchange used while accessing this website?
Regards,
Shiva
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.