Fortinet white logo
Fortinet white logo

Handbook

Configuring real server SSL profiles

Configuring real server SSL profiles

A real server SSL profile determines settings used in network communication on the FortiADC-server segment, in contrast to a virtual server profile, which determines the settings used in network communication on the client-FortiADC segment.

SSL profiles illustrates the basic idea of client-side and server-side profiles.

SSL profiles

Predefined real server profiles provides a summary of the predefined profiles. You can select predefined profiles in the real server pool configuration, or you can create user-defined profiles.

Predefined real server profiles

Profile Defaults
LB_RS_SSL_PROF_DEFAULT
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
  • Cipher suite list: custom
LB_RS_SSL_PROF_ECDSA
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-RC4-SHA,ECDHE-ECDSA-DES-CBC3-SHA,
LB_RS_SSL_PROF_ECDSA_SSLV3
  • Allow version: SSLv3
  • Cipher suite list: ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-RC4-SHA,ECDHE-ECDSA-DES-CBC3-SHA,
LB_RS_SSL_PROF_ECDSA_TLS12
  • Allow version: TLSv1.2
  • Cipher suite list: ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,
LB_RS_SSL_PROF_ENULL
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: eNull

Recommended for Microsoft Direct Access servers where the application data is already encrypted and no more encryption is needed.

LB_RS_SSL_PROF_HIGH
  • Allow version TLSv1.2
  • Cipher suite list: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 AES256-GCM-SHA384 AES256-SHA256,
LB_RS_SSL_PROF_LOW_SSLV3
  • Allow version SSLv3
  • Cipher suite list: DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA ECDHE-RSA-RC4-SHA RC4-MD5 ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA EDH-RSA-DES-CBC-SHA DES-CBC-SHA
LB_RS_SSL_PROF_MEDIUM
  • Allow version: TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA RC4-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
NONE
  • SSL is disabled.
Before you begin:
  • You must have Read-Write permission for Load Balance settings.
To configure custom real server profiles:
  1. Go to Server Load Balance > Real Server Pool.
  2. Click the Server SSL tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in Real Server SSL Profile configuration guidelines.
  5. Save the configuration.

You can clone a predefined configuration object to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Real Server SSL Profile configuration guidelines

Settings Guidelines
Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the real server pool configuration.

Note: After you initially save the configuration, you cannot edit the name.
SSL

Enable/disable SSL for the connection between the FortiADC and the real server.

Note: The following fields become available only when SSL is enabled. See above.

Customized SSL Ciphers Flag

Enable/disable use of user-specified cipher suites. When enabled, you must select a Customized SSL Cipher. See below.

Customized SSL Ciphers

If the customize cipher flag is enabled, specify a colon-separated, ordered list of cipher suites.

An empty string is allowed. If empty, the default cipher suite list is used.

The names you enter are validated against the form of the cipher suite short names published on the OpenSSL website:

https://www.openssl.org/docs/manprimary/apps/ciphers.html

SSL Cipher Suite List

Ciphers are listed from strongest to weakest:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • *ECDHE-ECDSA-AES256-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • *ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • *ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-DES-CBC3-SHA
  • ECDHE-ECDSA-RC4-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-CAMELLIA256-SHA384

  • *ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-GCM-SHA384
  • *DHE-RSA-AES256-SHA256
  • DHE-RSA-CAMELLIA256-SHA256

  • *DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA256-SHA

  • AES256-GCM-SHA384
  • *AES256-SHA256
  • *AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • *ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-CAMELLIA128-SHA256

  • *ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-GCM-SHA256
  • *DHE-RSA-AES128-SHA256
  • DHE-RSA-CAMELLIA128-SHA256

  • *DHE-RSA-AES128-SHA
  • AES128-GCM-SHA256
  • *AES128-SHA256
  • *AES128-SHA
  • ECDHE-RSA-RC4-SHA
  • RC4-SHA
  • RC4-MD5
  • ECDHE-RSA-DES-CBC3-SHA
  • EDH-RSA-DES-CBC3-SHA
  • DES-CBC3-SHA
  • EDH-RSA-DES-CBC-SHA
  • DES-CBC-SHA
  • eNULL

*These ciphers are fully supported by hardware SSL (in 400F, 1200F, 2200F, 4200F and 5000F).

Note: We recommend retaining the default list. If necessary, you can deselect the SSL ciphers that you do not want to support.

TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

Note: This option only available if the TLSv1.3 is checked.

Allowed SSL Versions

You have the following options:

  • SSLv3
  • TLSv1.0
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

Note:

  • Please make sure that the SSL version is continuous. If not, an error message should be returned.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Certificate Verify Specify a Certificate Verify configuration object to validate server certificates. This Certificate Verify object must include a CA group and may include OCSP and CRL checks.
SNI Forward Flag Enable/disable forwarding the client SNI value to the server. The SNI value will be forwarded to the real server only when the client-side ClientHello message contains a valid SNI value; otherwise, nothing is forwarded.
Session Reuse Flag Enable/disable SSL session reuse.
Session Reuse Limit The default is 0 (disabled). The valid range is 0-1048576.
TLS Ticket Flag Enable/disable TLS ticket-based session reuse.
Renegotiation

This option controls how FortiADC responds to mid-stream SSL reconnection requests either initiated by real servers or forced by FortiADC.

Note:

  • This option is enabled by default.
  • When disabled, you must select an option for Renegotiation-Deny-Action.
Renegotiation Period

Specify the interval from the initial connect time that FortiADC renegotiates an SSL session. The unit of measurement can be second (default), minute, or hour, e.g., 100s, 20m, or 1h.

Note:

  • The default is 0, which disables the function.
  • If a custom value is set, FortiADC will renegotiate the SSL session accordingly. For example, if you set the renegotiate period to 3600s (or 3600, 60m, or 1h), FortiADC will renegotiate the SSL session at least once an hour.
Renegotiate Size

Specify the amount (in MB) of application data that must have been transmitted over the secure connection before FortiADC initiates the renegotiation of an SSL session.

Note: The default is 0, which disables the function.

Secure Renegotiation

Select one of the following options:

  • RequestFortiADC requests secure renegotiation of SSL connections.
  • RequireFortiADC requires secure renegotiation of SSL connections. In this mode, FortiADC allows initial SSL handshakes from real servers, but terminates renegotiation from real servers that do not support secure renegotiation.
  • Require StrictFortiADC requires strict secure renegotiation of SSL connections. In this mode, FortiADC denies initial SSL handshakes from real servers that do not support secure renegotiation.
Renegotiation-Deny-Action

This option becomes available when Renegotiation is disabled on the server side. In that case, you must select an action that FortiADC will take when denying an SSL renegotiation request:

  • Ignore (default)—Ignores SSL renegotiation requests.
  • Terminate— Terminates SSL connections.

RFC 7919 Comply

Enable/disable parameters to comply with RFC 7919.

Note: RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Supported Groups

The Supported Groups option is available if RFC 7919 Comply is enabled.

Specify the supported group objects from the following:

  • secp256r1

  • secp384r1

  • secp521r1

  • x25519

  • x448

  • ffdhe2048

  • ffdhe3072

  • ffdhe4096

  • ffdhe6144

  • ffdhe8192

At least one item from the FFDHE group must be selected.

Note:

The RFC 7919 Comply feature requires certain cipher selections to correspond with the Supported Group selection.

  • If a FFDHE group is selected (for example, ffdhe2048), then at least one cipher must be DHE-RSA (for example, DHE-RSA-AES256-SHA256).

  • If the Supported Group includes groups other than FFDHE (such as a SECP group, secp256r1), then at least one cipher must be ECDHE (for example, ECDHE-ECDSA-AES256-GCM-SHA384).

  • If a ECDHE cipher is selected (for example, ECDHE-ECDSA-AES256-GCM-SHA384), then the Supported Group must include at least one group that is not FFDHE (such as a SECP group, secp256r1).

Configuring real server SSL profiles

Configuring real server SSL profiles

A real server SSL profile determines settings used in network communication on the FortiADC-server segment, in contrast to a virtual server profile, which determines the settings used in network communication on the client-FortiADC segment.

SSL profiles illustrates the basic idea of client-side and server-side profiles.

SSL profiles

Predefined real server profiles provides a summary of the predefined profiles. You can select predefined profiles in the real server pool configuration, or you can create user-defined profiles.

Predefined real server profiles

Profile Defaults
LB_RS_SSL_PROF_DEFAULT
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
  • Cipher suite list: custom
LB_RS_SSL_PROF_ECDSA
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-RC4-SHA,ECDHE-ECDSA-DES-CBC3-SHA,
LB_RS_SSL_PROF_ECDSA_SSLV3
  • Allow version: SSLv3
  • Cipher suite list: ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-RC4-SHA,ECDHE-ECDSA-DES-CBC3-SHA,
LB_RS_SSL_PROF_ECDSA_TLS12
  • Allow version: TLSv1.2
  • Cipher suite list: ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,
LB_RS_SSL_PROF_ENULL
  • Allow version: SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: eNull

Recommended for Microsoft Direct Access servers where the application data is already encrypted and no more encryption is needed.

LB_RS_SSL_PROF_HIGH
  • Allow version TLSv1.2
  • Cipher suite list: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 AES256-GCM-SHA384 AES256-SHA256,
LB_RS_SSL_PROF_LOW_SSLV3
  • Allow version SSLv3
  • Cipher suite list: DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA ECDHE-RSA-RC4-SHA RC4-MD5 ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA EDH-RSA-DES-CBC-SHA DES-CBC-SHA
LB_RS_SSL_PROF_MEDIUM
  • Allow version: TLSv1.0, TLSv1.1, and TLSv1.2
  • Cipher suite list: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA RC4-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
NONE
  • SSL is disabled.
Before you begin:
  • You must have Read-Write permission for Load Balance settings.
To configure custom real server profiles:
  1. Go to Server Load Balance > Real Server Pool.
  2. Click the Server SSL tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in Real Server SSL Profile configuration guidelines.
  5. Save the configuration.

You can clone a predefined configuration object to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Real Server SSL Profile configuration guidelines

Settings Guidelines
Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the real server pool configuration.

Note: After you initially save the configuration, you cannot edit the name.
SSL

Enable/disable SSL for the connection between the FortiADC and the real server.

Note: The following fields become available only when SSL is enabled. See above.

Customized SSL Ciphers Flag

Enable/disable use of user-specified cipher suites. When enabled, you must select a Customized SSL Cipher. See below.

Customized SSL Ciphers

If the customize cipher flag is enabled, specify a colon-separated, ordered list of cipher suites.

An empty string is allowed. If empty, the default cipher suite list is used.

The names you enter are validated against the form of the cipher suite short names published on the OpenSSL website:

https://www.openssl.org/docs/manprimary/apps/ciphers.html

SSL Cipher Suite List

Ciphers are listed from strongest to weakest:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • *ECDHE-ECDSA-AES256-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • *ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • *ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-DES-CBC3-SHA
  • ECDHE-ECDSA-RC4-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-CAMELLIA256-SHA384

  • *ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-GCM-SHA384
  • *DHE-RSA-AES256-SHA256
  • DHE-RSA-CAMELLIA256-SHA256

  • *DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA256-SHA

  • AES256-GCM-SHA384
  • *AES256-SHA256
  • *AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • *ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-CAMELLIA128-SHA256

  • *ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-GCM-SHA256
  • *DHE-RSA-AES128-SHA256
  • DHE-RSA-CAMELLIA128-SHA256

  • *DHE-RSA-AES128-SHA
  • AES128-GCM-SHA256
  • *AES128-SHA256
  • *AES128-SHA
  • ECDHE-RSA-RC4-SHA
  • RC4-SHA
  • RC4-MD5
  • ECDHE-RSA-DES-CBC3-SHA
  • EDH-RSA-DES-CBC3-SHA
  • DES-CBC3-SHA
  • EDH-RSA-DES-CBC-SHA
  • DES-CBC-SHA
  • eNULL

*These ciphers are fully supported by hardware SSL (in 400F, 1200F, 2200F, 4200F and 5000F).

Note: We recommend retaining the default list. If necessary, you can deselect the SSL ciphers that you do not want to support.

TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

Note: This option only available if the TLSv1.3 is checked.

Allowed SSL Versions

You have the following options:

  • SSLv3
  • TLSv1.0
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

Note:

  • Please make sure that the SSL version is continuous. If not, an error message should be returned.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Certificate Verify Specify a Certificate Verify configuration object to validate server certificates. This Certificate Verify object must include a CA group and may include OCSP and CRL checks.
SNI Forward Flag Enable/disable forwarding the client SNI value to the server. The SNI value will be forwarded to the real server only when the client-side ClientHello message contains a valid SNI value; otherwise, nothing is forwarded.
Session Reuse Flag Enable/disable SSL session reuse.
Session Reuse Limit The default is 0 (disabled). The valid range is 0-1048576.
TLS Ticket Flag Enable/disable TLS ticket-based session reuse.
Renegotiation

This option controls how FortiADC responds to mid-stream SSL reconnection requests either initiated by real servers or forced by FortiADC.

Note:

  • This option is enabled by default.
  • When disabled, you must select an option for Renegotiation-Deny-Action.
Renegotiation Period

Specify the interval from the initial connect time that FortiADC renegotiates an SSL session. The unit of measurement can be second (default), minute, or hour, e.g., 100s, 20m, or 1h.

Note:

  • The default is 0, which disables the function.
  • If a custom value is set, FortiADC will renegotiate the SSL session accordingly. For example, if you set the renegotiate period to 3600s (or 3600, 60m, or 1h), FortiADC will renegotiate the SSL session at least once an hour.
Renegotiate Size

Specify the amount (in MB) of application data that must have been transmitted over the secure connection before FortiADC initiates the renegotiation of an SSL session.

Note: The default is 0, which disables the function.

Secure Renegotiation

Select one of the following options:

  • RequestFortiADC requests secure renegotiation of SSL connections.
  • RequireFortiADC requires secure renegotiation of SSL connections. In this mode, FortiADC allows initial SSL handshakes from real servers, but terminates renegotiation from real servers that do not support secure renegotiation.
  • Require StrictFortiADC requires strict secure renegotiation of SSL connections. In this mode, FortiADC denies initial SSL handshakes from real servers that do not support secure renegotiation.
Renegotiation-Deny-Action

This option becomes available when Renegotiation is disabled on the server side. In that case, you must select an action that FortiADC will take when denying an SSL renegotiation request:

  • Ignore (default)—Ignores SSL renegotiation requests.
  • Terminate— Terminates SSL connections.

RFC 7919 Comply

Enable/disable parameters to comply with RFC 7919.

Note: RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Supported Groups

The Supported Groups option is available if RFC 7919 Comply is enabled.

Specify the supported group objects from the following:

  • secp256r1

  • secp384r1

  • secp521r1

  • x25519

  • x448

  • ffdhe2048

  • ffdhe3072

  • ffdhe4096

  • ffdhe6144

  • ffdhe8192

At least one item from the FFDHE group must be selected.

Note:

The RFC 7919 Comply feature requires certain cipher selections to correspond with the Supported Group selection.

  • If a FFDHE group is selected (for example, ffdhe2048), then at least one cipher must be DHE-RSA (for example, DHE-RSA-AES256-SHA256).

  • If the Supported Group includes groups other than FFDHE (such as a SECP group, secp256r1), then at least one cipher must be ECDHE (for example, ECDHE-ECDSA-AES256-GCM-SHA384).

  • If a ECDHE cipher is selected (for example, ECDHE-ECDSA-AES256-GCM-SHA384), then the Supported Group must include at least one group that is not FFDHE (such as a SECP group, secp256r1).