Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Minimum version of TLS services automatically changed

For improved security, FortiOS 6.2.1 uses the ssl-min-proto-version option (under config system global) to control the minimum SSL protocol version used in communication between FortiGate and third-party SSL and TLS services.

When you upgrade to FortiOS 6.2.1 and later, the default ssl-min-proto-version option is TLS v1.2. The following SSL and TLS services inherit global settings to use TLS v1.2 as the default. You can override these settings.

  • Email server (config system email-server)
  • Certificate (config vpn certificate setting)
  • FortiSandbox (config system fortisandbox)
  • FortiGuard (config log fortiguard setting)
  • FortiAnalyzer (config log fortianalyzer setting)
  • LDAP server (config user ldap)
  • POP3 server (config user pop3)

Minimum version of TLS services automatically changed

For improved security, FortiOS 6.2.1 uses the ssl-min-proto-version option (under config system global) to control the minimum SSL protocol version used in communication between FortiGate and third-party SSL and TLS services.

When you upgrade to FortiOS 6.2.1 and later, the default ssl-min-proto-version option is TLS v1.2. The following SSL and TLS services inherit global settings to use TLS v1.2 as the default. You can override these settings.

  • Email server (config system email-server)
  • Certificate (config vpn certificate setting)
  • FortiSandbox (config system fortisandbox)
  • FortiGuard (config log fortiguard setting)
  • FortiAnalyzer (config log fortianalyzer setting)
  • LDAP server (config user ldap)
  • POP3 server (config user pop3)