Very very low Ciphers/Encryption on Forticlient 6.4.x for Android (IPSEC)

ipranger · ‎05-17-2021

Hello all,

i'am using here FortiOS7 with lates Forticlient for Android 6.4.6.0507. IPSEC works, but the highest encryption level ist AES128 and SHA-1. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

https://en.wikipedia.org/wiki/SHA-1

Can anyone tell me the reason for building a VPN client with almost the lowest encryption? That used to be safe many many years ago.

Very Thanks and best Regards

Fireon

Fortigate 60E v7.x (GA)

emnoc · ‎05-17-2021

Okay sha1 is not hackable. If you are using pfs in your ipsec configuration your safe from any attacks. if in doubt run short IKE/IPSEC key-life but I would not personally be worried over sha1.

Now yes FC6.4 still supports md5/sha1 "only" , why that is a business question to FTNT. Strongsan and greenbow are great alternative for ipsec-clients.

I think one of the reason mobile-devices are not using top-notch encryption is due to the size of the processors in the phone and the vendor don't not want to overburden these devices. Just my wild guess.

Ken Felix

PCNSE

NSE

StrongSwan

ipranger · ‎05-18-2021

Thank you for this information and your Recommendation in the other thread. This can be an solution.

Fortigate 60E v7.x (GA)

emnoc · ‎05-18-2021

NP , I also throw in NCP in that other thread. It's very reliable. Actually all of them are very good. I will update some details on the blog and specifically with greenbow here in soon.

Ken Felix

PCNSE

NSE

StrongSwan

Very very low Ciphers/Encryption on Forticlient 6.4.x for Android (IPSEC)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website