SSL traffic over TLS 1.0 will not be checked and will be bypassed by default
FortiOS 6.2.6 and 6.4.3 ended support for TLS 1.0 when strong-crypto is enabled under system global. With this change, SSL traffic over TLS 1.0 will not be checked so it will be bypassed by default.
To examine and/or block TLS 1.0 traffic, an administrator can either:
- Disable strong-crypto under config system global. This applies to FortiOS 6.2.6 and 6.4.3, or later versions.
- Under config firewall ssl-ssh-profile:
  - In FortiOS 6.2.6 and later, set unsupported-ssl to block.
  - In FortiOS 6.4.3 and later, set unsupported-ssl-negotiation to block.
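
One way to check a configuration backup for this condition, as an added example that is not part of the release note or Fortinet's own tooling: it lists the SSL/SSH profiles that would leave TLS 1.0 traffic unchecked. Assumptions: strong-crypto counts as enabled when it is absent from the backup, either setting is accepted at any nesting depth inside a profile, and the function name and sample configuration are constructed for illustration.

```python
BLOCK_KEYS = {"unsupported-ssl", "unsupported-ssl-negotiation"}
PROFILE_TABLE = ("config", "firewall ssl-ssh-profile")

def tls10_bypass_profiles(config_text):
    """Return names of SSL/SSH profiles that leave TLS 1.0 traffic unchecked."""
    stack = []                 # open config/edit scopes, outermost first
    strong_crypto = "enable"   # assumption: missing from the backup = enabled
    blocked = {}               # profile name -> a "block" setting was seen
    for raw in config_text.splitlines():
        word, _, rest = raw.strip().partition(" ")
        if word == "config":
            stack.append(("config", rest.strip()))
        elif word == "edit":
            stack.append(("edit", rest.strip(' "')))
            if len(stack) == 2 and stack[0] == PROFILE_TABLE:
                blocked[stack[1][1]] = False
        elif word in ("end", "next") and stack:
            stack.pop()
        elif word == "set":
            key, _, value = rest.strip().partition(" ")
            value = value.strip(' "')
            if stack == [("config", "system global")] and key == "strong-crypto":
                strong_crypto = value
            # Assumption: the setting counts at any depth inside the profile.
            elif len(stack) >= 2 and stack[0] == PROFILE_TABLE and key in BLOCK_KEYS:
                blocked[stack[1][1]] |= value == "block"
    if strong_crypto == "disable":
        return []              # first option in the note: TLS 1.0 is examined
    return sorted(name for name, ok in blocked.items() if not ok)

# Constructed sample backup, not taken from a real device.
SAMPLE = """\
config system global
    set strong-crypto enable
end
config firewall ssl-ssh-profile
    edit "deep-a"
        config https
            set unsupported-ssl-negotiation block
        end
    next
    edit "deep-b"
        config https
            set ports 443
        end
    next
end
"""
print(tls10_bypass_profiles(SAMPLE))
```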