Fortinet Document Library

SSL traffic over TLS 1.0 will not be checked and will be bypassed by default

FortiOS 6.2.6 and 6.4.3 ended support for TLS 1.0 when strong-crypto is enabled under config system global. With this change, SSL traffic over TLS 1.0 is not checked, so it is bypassed by default.

To examine and/or block TLS 1.0 traffic, an administrator can either:

  • Disable strong-crypto under config system global. This applies to FortiOS 6.2.6 and 6.4.3, or later versions.
  • Under config firewall ssl-ssh-profile:
    • in FortiOS 6.2.6 and later, set unsupported-ssl to block.
    • in FortiOS 6.4.3 and later, set unsupported-ssl-negotiation to block.
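
An added example (not Fortinet's code): a Python check that reads a FortiOS configuration backup and reports, for each ssl-ssh-profile, whether TLS 1.0 traffic is bypassed, inspectable or blocked according to the two options above. The sample config is constructed, and both the placement of the settings under config https and the treatment of a missing strong-crypto line as enabled are assumptions.

```python
import re

# Constructed sample of a FortiOS config backup (not from the page); the
# nesting of the unsupported-ssl settings under "config https" is an assumption.
SAMPLE = '''\
config system global
    set strong-crypto enable
end
config firewall ssl-ssh-profile
    edit "legacy-apps"
        config https
            set ports 443
        end
    next
    edit "strict"
        config https
            set unsupported-ssl-negotiation block
        end
    next
end
'''

KEYS = ("unsupported-ssl", "unsupported-ssl-negotiation")  # 6.2.6+ / 6.4.3+

def audit_tls10(config_text):
    """Return {profile: 'blocked' | 'inspectable' | 'bypassed'} for TLS 1.0."""
    stack, profile = [], None     # stack of open "config ..." sections
    strong_crypto = True          # assumed default when the line is absent
    blocked = {}                  # profile name -> True once a key is "block"
    for raw in config_text.splitlines():
        tok = re.findall(r'"[^"]*"|\S+', raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack[:1] == ["firewall ssl-ssh-profile"]:
            if tok[0] == "edit" and len(stack) == 1 and len(tok) > 1:
                profile = tok[1].strip('"')
                blocked[profile] = False
            elif tok[0] == "next" and len(stack) == 1:
                profile = None
            elif tok[0] == "set" and profile and len(tok) > 2 and tok[1] in KEYS:
                blocked[profile] |= tok[2] == "block"
        elif stack == ["system global"] and tok[:2] == ["set", "strong-crypto"]:
            strong_crypto = tok[2:3] == ["enable"]
    fallback = "bypassed" if strong_crypto else "inspectable"
    return {p: "blocked" if b else fallback for p, b in blocked.items()}
```

Calling audit_tls10(SAMPLE) flags the "legacy-apps" profile as bypassed, which is the default behaviour this note describes.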
