Fortinet Document Library

Version:

7.0.0
6.4.5
6.4.4

Version:

6.4.3
6.4.2
6.4.1

Version:

6.4.0
6.2.7
6.2.6

Version:

6.2.5
6.2.4
6.2.3

Version:

6.2.2
6.2.1
6.2.0

Version:

6.0.12
6.0.11
6.0.10

Version:

6.0.9
6.0.8
6.0.7

Version:

6.0.6
6.0.5
6.0.4

Version:

6.0.3
6.0.2
6.0.1

Version:

6.0.0
5.6.13
5.6.12

Version:

5.6.11
5.6.10
5.6.9

Version:

5.6.8
5.6.7
5.6.6

Version:

5.6.5
5.6.4
5.6.3

Version:

5.6.2
5.6.1
5.6.0

Version:

5.4.13
5.4.12
5.4.11

Version:

5.4.10
5.4.9
5.4.8

Version:

5.4.7
5.4.6
5.4.5

Version:

5.4.4
5.4.3
5.4.2

Version:

5.4.1
5.4.0
5.2.15

Version:

5.2.14
5.2.13
5.2.12

Version:

5.2.11
5.2.10
5.2.9

Version:

5.2.8
5.2.7
5.2.6

Version:

5.2.5
5.2.4
5.2.3

Version:

5.2.2
5.2.1
5.2.0

Version:

5.0.14
5.0.13
5.0.12

Version:

5.0.11
5.0.10
5.0.9

Version:

5.0.8
5.0.7
5.0.6

Version:

5.0.5
5.0.4
5.0.3

Version:

5.0.2

Table of Contents

FortiOS Release Notes

6.2.7
7.0.0
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
Download PDF
Copy Link

SSL traffic over TLS 1.0 will not be checked and will be bypassed by default

FortiOS 6.2.6 and 6.4.3 ended support for TLS 1.0 when strong-crypto is enabled under system global. With this change, SSL traffic over TLS 1.0 will not be checked so it will be bypassed by default.

To examine and/or block TLS 1.0 traffic, an administrator can either:

  • Disable strong-crypto under config system global. This applies to FortiOS 6.2.6 and 6.4.3, or later versions.
  • Under config firewall ssl-ssh-profile:
    • in FortiOS 6.2.6 and later, set unsupported-ssl to block.
    • in FortiOS 6.4.3 and later, set unsupported-ssl-negotiation to block.

SSL traffic over TLS 1.0 will not be checked and will be bypassed by default

FortiOS 6.2.6 and 6.4.3 ended support for TLS 1.0 when strong-crypto is enabled under system global. With this change, SSL traffic over TLS 1.0 will not be checked so it will be bypassed by default.

To examine and/or block TLS 1.0 traffic, an administrator can either:

  • Disable strong-crypto under config system global. This applies to FortiOS 6.2.6 and 6.4.3, or later versions.
  • Under config firewall ssl-ssh-profile:
    • in FortiOS 6.2.6 and later, set unsupported-ssl to block.
    • in FortiOS 6.4.3 and later, set unsupported-ssl-negotiation to block.