FortiGate encryption algorithm cipher suites

FortiGates use SSL/TLS encryption for HTTPS and SSH administrative access, and for SSL VPN remote access. When establishing an SSL/TLS or SSH connection, you can control the encryption level and the ciphers that are used, and with them the security level of the connection.

HTTPS access

HTTPS administrative access encryption is controlled using the following commands:

config system global
    set strong-crypto {enable | disable}
    set admin-https-ssl-versions {tlsv1-1 tlsv1-2 tlsv1-3}
end

When strong encryption is enabled, only TLS 1.2 and TLS 1.3 are allowed. If strong encryption is then disabled, TLS 1.1 has to be manually enabled.
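
The following is an added example, not Fortinet's code: a small Python audit that reads the `config system global` block of a saved configuration and reports the two options described above. The sample configuration is constructed, and the function names and finding messages are assumptions of this example.

```python
import shlex

# Constructed sample of a configuration backup (not taken from a real device).
SAMPLE_CONFIG = '''config system global
    set admin-https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
    set hostname "fgt lab"
    set strong-crypto disable
end
config system interface
    edit "port1"
        set allowaccess https ssh
    next
end
'''

def global_settings(config_text):
    """Return {option: [values]} from the 'config system global' block."""
    settings, in_global = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            in_global = True
        elif in_global and line == "end":
            break  # stop at the end of the global block; later blocks are ignored
        elif in_global and line.startswith("set "):
            # shlex keeps quoted values such as "fgt lab" as one token
            _, option, *values = shlex.split(line)
            settings[option] = values
    return settings

def audit_admin_https(config_text):
    """Return (option, finding) pairs for the two options described above."""
    settings = global_settings(config_text)
    findings = []
    for option in ("strong-crypto", "admin-https-ssl-versions"):
        if option not in settings:
            # The option may be absent from the text being audited, so report
            # that instead of guessing its value.
            findings.append((option, "not set explicitly; confirm the effective value on the device"))
    if settings.get("strong-crypto") == ["disable"]:
        findings.append(("strong-crypto", "strong encryption is disabled"))
    if "tlsv1-1" in settings.get("admin-https-ssl-versions", []):
        findings.append(("admin-https-ssl-versions", "TLS 1.1 is enabled for HTTPS administration"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_admin_https(SAMPLE_CONFIG):
        print(f"{option}: {finding}")
```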

Specific cipher suites are supported by each TLS version:

| TLS version | Supported Cipher Suites |
|---|---|
| TLS 1.1¹ | ECDHE-RSA-AES256-SHA1 |
| | AES256-SHA1 |
| | ECDHE-RSA-AES128-SHA1 |
| | AES128-SHA1 |
| TLS 1.2 | ECDHE-RSA-AES256-GCM-SHA384 |
| | AES256-GCM-SHA384¹ |