Fortinet white logo
Fortinet white logo

Handbook

Configuring client SSL profiles

Configuring client SSL profiles

A client SSL profile is used to manage the SSL session between the client and the proxy. It allows FortiADC to accept and terminate client requests sent via the SSL protocol. The Client SSL Profile page provides the settings for configuring client-side SSL connections, and displays all the client SSL profiles that have been configured on the system.

Before you begin creating a client SSL profile:
  • You must have already created configuration objects for certificates, certificate caching, and certificate verify if you want to include them in the profile.
  • You must have Read-Write permission for Load Balance settings.
To configure custom profiles:
  1. Go to Server Load Balance > Application Resources. Click the Client SSL Profile tab.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration as described in Client SSL profile configuration guidelines.
  4. Save the configuration.

You can clone a predefined client SSL profile to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Client SSL profile configuration guidelines

Type Profile Configuration Guidelines

Name

Specify a unique name for the client SSL profile.

Customized SSL Ciphers Flag

Enable or disable the use of user-specified cipher suites. If enabled, you must specify a colon-separated, ordered list of a customized SSL cipher suites. See below.

Customized SSL Ciphers

Available only when the Customized SSL Cipher Flag is enabled (see above). Specify a colon-separated, ordered list of a customized SSL cipher suites.

Note: FortiADC will use the default SSL cipher suite if the field is left empty.

SSL Ciphers

Ciphers are listed from strongest to weakest:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • *ECDHE-ECDSA-AES256-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • *ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • *ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-DES-CBC3-SHA
  • ECDHE-ECDSA-RC4-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-CAMELLIA256-SHA384

  • *ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-GCM-SHA384
  • *DHE-RSA-AES256-SHA256
  • DHE-RSA-CAMELLIA256-SHA256

  • *DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA256-SHA

  • AES256-GCM-SHA384
  • *AES256-SHA256
  • *AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • *ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-CAMELLIA128-SHA256

  • *ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-GCM-SHA256
  • *DHE-RSA-AES128-SHA256
  • DHE-RSA-CAMELLIA128-SHA256

  • *DHE-RSA-AES128-SHA
  • AES128-GCM-SHA256
  • *AES128-SHA256
  • *AES128-SHA
  • ECDHE-RSA-RC4-SHA
  • RC4-SHA
  • RC4-MD5
  • ECDHE-RSA-DES-CBC3-SHA
  • EDH-RSA-DES-CBC3-SHA
  • DES-CBC3-SHA
  • eNULL

*These ciphers are fully supported by hardware SSL (in 400F, 1200F, 2200F, 4200F and 5000F).

Note: We recommend retaining the default list. If necessary, you can deselect the SSL ciphers that you do not want to support.

TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

Note: This option only available if the TLSv1.3 is checked.

Allowed SSL Versions

You have the following options:

  • SSLv3
  • TLSv1.0
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

We recommend retaining the default list. If necessary, you can deselect SSL versions you do not want to support.

Note:

  • FortiADC does not support session reuse for SSLv2 at the client side. Instead, a new SSL session is started. Please make sure that the SSL versions are continuous. IF not, an error message should be returned.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Client Certificate Verify

Select the client certificate verify configuration object.

Note: For VS configurations that reference a ZTNA Profile, ensure the corresponding EMS CA certificate is selected for the corresponding Client SSL profile.

Client Certificate Verify Mode

This option is available only when the Client Certificate Verify is selected.

Select one of the following:

  • Required (default)

  • Optional

SSL Session Cache Flag

Allows to the same SSL client attempts to reconnect to this SSL server and requests a resumption of a previous SSL session.

Note: This feature doesn’t support TLSv1.3

Use TLS Tickets

Allows resuming TLS sessions by storing key material encrypted on the clients.

Note: This feature doesn’t support TLSv1.3

Client Certificate Forward

Disabled by default. When enabled, you must specify the client certificate forward header. See below.

Client Certificate Forward Header

When Client Certificate Forward is enabled (see above), specify the client certificate forward header.

Forward Proxy

By default, (SSL) Forward Proxy is disabled. When enabled, you'll have to configure additional settings noted below.

Note: RFC 7919 Comply is not supported for Forward Proxy. If RFC 7919 Comply is enabled and Forward Proxy is enabled, the RFC 7919 Comply feature will not apply to Forward Proxy functionality.

Client SNI Required

Require clients to use the TLS server name indication (SNI) extension to include the server hostname in the TLS client hello message. Then, the FortiADC system can select the appropriate local server certificate to present to the client.

Local Certificate Group

Select a local certificate group that includes the certificates this virtual server presents to SSL/TLS clients. This should be the backend servers' certificate, NOT the appliance's GUI web server certificate. See Manage certificates.

Reject OCSP Stapling with Missing Nextupdate

This flag is meaningful only when you have configured OCSP stapling in Local Certificate Group.

By default, this option is disabled (unselected). In that case, FortiADC accepts all OCSP responses, including those in which the next update field is not set. If enabled, and the next update field is not set in an OCSP stapling response, FortiADC will not load this OCSP stapling response or present it to clients during the SSL/TLS handshake.

Renegotiation

Enable or disable SSL renegotiation from the client side.

Note:

  • The feature is disabled by default.
  • When enabled, you must configure the options below.
Renegotiation Interval

Specify the minimum interval between two successive client-initiated SSL renegotiation requests. The unit of measurement can be second, minute, or hour, e.g., 100s, 20m, or 1h.

Note:

  • The default is -1, which disables the function.
  • 0 means ‘Indefinite’.
  • FortiADC will terminate the connection once the threshold is exceeded.
SSL DH Parameter Size

Specify the pubkey length in Diffie Hellman. Default is 1024.

Note: The SSL DH Parameter Size option is not available when RFC 7919 Comply is enabled.

SSL Renegotiate Period

Specify the period in second (default), minute, or hour at which FortiADC will initiate SSL renegotiation.

Note: The default is 0, which disables the function.

SSL Renegotiate Size

Specify the amount (MB) of application data that must have been transmitted over the SSL connection whenFortiADC initiates SSL renegotiation.

Note: The default is 0, which disables the function.

Secure Renegotiation

Select one of the following:

  • RequestFortiADC requests secure renegotiation of SSL connections.
  • Require—(Default) Specifies thatFortiADC requires secure renegotiation of SSL connections. In this mode, FortiADC permits initial SSL handshakes from clients, but terminates renegotiation requests from clients that do not support secure renegotiation.
  • Require StrictFortiADC requires strict secure renegotiation of SSL connections. In this mode, FortiADC denies initial SSL handshakes from clients that do not support secure renegotiation.

RFC 7919 Comply

Enable/disable parameters to comply with RFC 7919.

Note:

  • RFC 7919 Comply is not supported for Forward Proxy. If RFC 7919 Comply is enabled and Forward Proxy is enabled, the RFC 7919 Comply feature will not apply to Forward Proxy functionality.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

  • When RFC 7919 Comply is enabled the SSL DH Parameter Size option becomes unavailable.

Supported Groups

The Supported Groups option is available if RFC 7919 Comply is enabled.

Specify the supported group objects from the following:

  • secp256r1

  • secp384r1

  • secp521r1

  • x25519

  • x448

  • ffdhe2048

  • ffdhe3072

  • ffdhe4096

  • ffdhe6144

  • ffdhe8192

At least one item from the FFDHE group must be selected.

Note:

The RFC 7919 Comply feature requires certain cipher selections to correspond with the Supported Group selection.

  • If a FFDHE group is selected (for example, ffdhe2048), then at least one cipher must be DHE-RSA (for example, DHE-RSA-AES256-SHA256).

  • If the Supported Group includes groups other than FFDHE (such as a SECP group, secp256r1), then at least one cipher must be ECDHE (for example, ECDHE-ECDSA-AES256-GCM-SHA384).

  • If a ECDHE cipher is selected (for example, ECDHE-ECDSA-AES256-GCM-SHA384), then the Supported Group must include at least one group that is not FFDHE (such as a SECP group, secp256r1).

Dynamic record sizing

Allows ADC to dynamically adjust the size of TLS records based on the state of the connection, in order to prevent bottlenecks caused by the buffering of TLS record fragments.

Note: The feature is disabled by default.

Note: The following fields become available only when Forward Proxy is enabled.

Forward Proxy Certificate Caching

Select a Forward Proxy Certificate Caching rule.

Forward Proxy Local Signing CA

Select a Forward Proxy Local Signing CA.

Forward Proxy Intermediate CA Group

Select a Forward Proxy Intermediate CA Group.

Backend SSL SNI Forward

Disabled by default. Enable it to let FortiADC forward Server Name Indication (SNI) from the client to the back end.

Backend Customized SSL Ciphers Flag

Enabled by default. In this case, you must specify the backend customized SS ciphers. See below.

Backend Customized SSL Ciphers

Specify the customized SSL ciphers to be supported at the back end.

Backend SSL Cipher Suite List

Select the cipher from the list to be supported at the back end.

Backend TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_CCM_SHA256

TLS_AES_128_CCM_8_SHA256

Note: This option only available if the backendTLSv1.3 is checked.

Backend Allowed SSL Versions

We recommend retaining the default list. If necessary, you can deselect SSL versions you do not want to support.

Note: FortiADC does not support session reuse for SSLv2 at the client side. Instead, a new SSL session is started.

Backend SSL OCSP Stapling Support

Disabled by default. Enable it to let FortiADC support OCSP stapling at the backend.

Configuring client SSL profiles

Configuring client SSL profiles

A client SSL profile is used to manage the SSL session between the client and the proxy. It allows FortiADC to accept and terminate client requests sent via the SSL protocol. The Client SSL Profile page provides the settings for configuring client-side SSL connections, and displays all the client SSL profiles that have been configured on the system.

Before you begin creating a client SSL profile:
  • You must have already created configuration objects for certificates, certificate caching, and certificate verify if you want to include them in the profile.
  • You must have Read-Write permission for Load Balance settings.
To configure custom profiles:
  1. Go to Server Load Balance > Application Resources. Click the Client SSL Profile tab.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration as described in Client SSL profile configuration guidelines.
  4. Save the configuration.

You can clone a predefined client SSL profile to help you get started with a user-defined configuration.

To clone a configuration object, click the clone icon that appears in the tools column on the configuration summary page.

Client SSL profile configuration guidelines

Type Profile Configuration Guidelines

Name

Specify a unique name for the client SSL profile.

Customized SSL Ciphers Flag

Enable or disable the use of user-specified cipher suites. If enabled, you must specify a colon-separated, ordered list of a customized SSL cipher suites. See below.

Customized SSL Ciphers

Available only when the Customized SSL Cipher Flag is enabled (see above). Specify a colon-separated, ordered list of a customized SSL cipher suites.

Note: FortiADC will use the default SSL cipher suite if the field is left empty.

SSL Ciphers

Ciphers are listed from strongest to weakest:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • *ECDHE-ECDSA-AES256-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • *ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • *ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-DES-CBC3-SHA
  • ECDHE-ECDSA-RC4-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-CAMELLIA256-SHA384

  • *ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-GCM-SHA384
  • *DHE-RSA-AES256-SHA256
  • DHE-RSA-CAMELLIA256-SHA256

  • *DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA256-SHA

  • AES256-GCM-SHA384
  • *AES256-SHA256
  • *AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • *ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-CAMELLIA128-SHA256

  • *ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-GCM-SHA256
  • *DHE-RSA-AES128-SHA256
  • DHE-RSA-CAMELLIA128-SHA256

  • *DHE-RSA-AES128-SHA
  • AES128-GCM-SHA256
  • *AES128-SHA256
  • *AES128-SHA
  • ECDHE-RSA-RC4-SHA
  • RC4-SHA
  • RC4-MD5
  • ECDHE-RSA-DES-CBC3-SHA
  • EDH-RSA-DES-CBC3-SHA
  • DES-CBC3-SHA
  • eNULL

*These ciphers are fully supported by hardware SSL (in 400F, 1200F, 2200F, 4200F and 5000F).

Note: We recommend retaining the default list. If necessary, you can deselect the SSL ciphers that you do not want to support.

TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256

Note: This option only available if the TLSv1.3 is checked.

Allowed SSL Versions

You have the following options:

  • SSLv3
  • TLSv1.0
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3

We recommend retaining the default list. If necessary, you can deselect SSL versions you do not want to support.

Note:

  • FortiADC does not support session reuse for SSLv2 at the client side. Instead, a new SSL session is started. Please make sure that the SSL versions are continuous. IF not, an error message should be returned.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

Client Certificate Verify

Select the client certificate verify configuration object.

Note: For VS configurations that reference a ZTNA Profile, ensure the corresponding EMS CA certificate is selected for the corresponding Client SSL profile.

Client Certificate Verify Mode

This option is available only when the Client Certificate Verify is selected.

Select one of the following:

  • Required (default)

  • Optional

SSL Session Cache Flag

Allows to the same SSL client attempts to reconnect to this SSL server and requests a resumption of a previous SSL session.

Note: This feature doesn’t support TLSv1.3

Use TLS Tickets

Allows resuming TLS sessions by storing key material encrypted on the clients.

Note: This feature doesn’t support TLSv1.3

Client Certificate Forward

Disabled by default. When enabled, you must specify the client certificate forward header. See below.

Client Certificate Forward Header

When Client Certificate Forward is enabled (see above), specify the client certificate forward header.

Forward Proxy

By default, (SSL) Forward Proxy is disabled. When enabled, you'll have to configure additional settings noted below.

Note: RFC 7919 Comply is not supported for Forward Proxy. If RFC 7919 Comply is enabled and Forward Proxy is enabled, the RFC 7919 Comply feature will not apply to Forward Proxy functionality.

Client SNI Required

Require clients to use the TLS server name indication (SNI) extension to include the server hostname in the TLS client hello message. Then, the FortiADC system can select the appropriate local server certificate to present to the client.

Local Certificate Group

Select a local certificate group that includes the certificates this virtual server presents to SSL/TLS clients. This should be the backend servers' certificate, NOT the appliance's GUI web server certificate. See Manage certificates.

Reject OCSP Stapling with Missing Nextupdate

This flag is meaningful only when you have configured OCSP stapling in Local Certificate Group.

By default, this option is disabled (unselected). In that case, FortiADC accepts all OCSP responses, including those in which the next update field is not set. If enabled, and the next update field is not set in an OCSP stapling response, FortiADC will not load this OCSP stapling response or present it to clients during the SSL/TLS handshake.

Renegotiation

Enable or disable SSL renegotiation from the client side.

Note:

  • The feature is disabled by default.
  • When enabled, you must configure the options below.
Renegotiation Interval

Specify the minimum interval between two successive client-initiated SSL renegotiation requests. The unit of measurement can be second, minute, or hour, e.g., 100s, 20m, or 1h.

Note:

  • The default is -1, which disables the function.
  • 0 means ‘Indefinite’.
  • FortiADC will terminate the connection once the threshold is exceeded.
SSL DH Parameter Size

Specify the pubkey length in Diffie Hellman. Default is 1024.

Note: The SSL DH Parameter Size option is not available when RFC 7919 Comply is enabled.

SSL Renegotiate Period

Specify the period in second (default), minute, or hour at which FortiADC will initiate SSL renegotiation.

Note: The default is 0, which disables the function.

SSL Renegotiate Size

Specify the amount (MB) of application data that must have been transmitted over the SSL connection whenFortiADC initiates SSL renegotiation.

Note: The default is 0, which disables the function.

Secure Renegotiation

Select one of the following:

  • RequestFortiADC requests secure renegotiation of SSL connections.
  • Require—(Default) Specifies thatFortiADC requires secure renegotiation of SSL connections. In this mode, FortiADC permits initial SSL handshakes from clients, but terminates renegotiation requests from clients that do not support secure renegotiation.
  • Require StrictFortiADC requires strict secure renegotiation of SSL connections. In this mode, FortiADC denies initial SSL handshakes from clients that do not support secure renegotiation.

RFC 7919 Comply

Enable/disable parameters to comply with RFC 7919.

Note:

  • RFC 7919 Comply is not supported for Forward Proxy. If RFC 7919 Comply is enabled and Forward Proxy is enabled, the RFC 7919 Comply feature will not apply to Forward Proxy functionality.

  • RFC 7919 Comply cannot support SSLv3 and TLS 1.3. If RFC 7919 Comply is enabled and SSLv3 or TLSv1.3 is selected in Allowed SSL Versions, an error message will display.

  • When RFC 7919 Comply is enabled the SSL DH Parameter Size option becomes unavailable.

Supported Groups

The Supported Groups option is available if RFC 7919 Comply is enabled.

Specify the supported group objects from the following:

  • secp256r1

  • secp384r1

  • secp521r1

  • x25519

  • x448

  • ffdhe2048

  • ffdhe3072

  • ffdhe4096

  • ffdhe6144

  • ffdhe8192

At least one item from the FFDHE group must be selected.

Note:

The RFC 7919 Comply feature requires certain cipher selections to correspond with the Supported Group selection.

  • If a FFDHE group is selected (for example, ffdhe2048), then at least one cipher must be DHE-RSA (for example, DHE-RSA-AES256-SHA256).

  • If the Supported Group includes groups other than FFDHE (such as a SECP group, secp256r1), then at least one cipher must be ECDHE (for example, ECDHE-ECDSA-AES256-GCM-SHA384).

  • If a ECDHE cipher is selected (for example, ECDHE-ECDSA-AES256-GCM-SHA384), then the Supported Group must include at least one group that is not FFDHE (such as a SECP group, secp256r1).

Dynamic record sizing

Allows ADC to dynamically adjust the size of TLS records based on the state of the connection, in order to prevent bottlenecks caused by the buffering of TLS record fragments.

Note: The feature is disabled by default.

Note: The following fields become available only when Forward Proxy is enabled.

Forward Proxy Certificate Caching

Select a Forward Proxy Certificate Caching rule.

Forward Proxy Local Signing CA

Select a Forward Proxy Local Signing CA.

Forward Proxy Intermediate CA Group

Select a Forward Proxy Intermediate CA Group.

Backend SSL SNI Forward

Disabled by default. Enable it to let FortiADC forward Server Name Indication (SNI) from the client to the back end.

Backend Customized SSL Ciphers Flag

Enabled by default. In this case, you must specify the backend customized SS ciphers. See below.

Backend Customized SSL Ciphers

Specify the customized SSL ciphers to be supported at the back end.

Backend SSL Cipher Suite List

Select the cipher from the list to be supported at the back end.

Backend TLSv1.3 Cipher Suite List

TLSv1.3 ciphers are listed as following:

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_CCM_SHA256

TLS_AES_128_CCM_8_SHA256

Note: This option only available if the backendTLSv1.3 is checked.

Backend Allowed SSL Versions

We recommend retaining the default list. If necessary, you can deselect SSL versions you do not want to support.

Note: FortiADC does not support session reuse for SSLv2 at the client side. Instead, a new SSL session is started.

Backend SSL OCSP Stapling Support

Disabled by default. Enable it to let FortiADC support OCSP stapling at the backend.