FortiGate encryption algorithm cipher suites

FortiGates use SSL/TLS encryption for HTTPS and SSH administrative access, and SSL VPN remote access. When establishing an SSL/TLS or SSH connection, you can control the encryption level and the ciphers that are used in order to control the security level.

HTTPS access

HTTP administrative access encryption is controlled using the following commands:

config system global
    set strong-crypto {enable | disable}
    set admin-https-ssl-versions {tlsv1-1 tlsv1-2 tlsv1-3}
    set admin-https-ssl-ciphersuites {<cipher_1> ... <cipher_n>}
    set admin-https-ssl-banned-ciphers {<cipher_1> ... <cipher_n>}
end

When strong encryption is enabled, only TLS 1.2 and TLS 1.3 are allowed. If strong encryption is then disabled, TLS 1.1 has to be manually enabled.

Setting admin-https-ssl-ciphersuites controls which cipher suites are offered in TLS 1.3. TLS 1.2 and lower are not affected by this command. To disable all TLS 1.3 cipher suites, remove TLS1-3 from admin-https-ssl-versions.

Setting admin-https-ssl-banned-ciphers controls which cipher technologies will not be offered for TLS 1.2 and lower.

Specific cipher suites are supported by each TLS version:

TLS version

Supported Cipher Suites

TLS 1.11

ECDHE-RSA-AES256-SHA1

AES256-SHA1

ECDHE-RSA-AES128-SHA1

AES128-SHA1

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

AES256-GCM-SHA3841

ECDHE-RSA-AES128-GCM-SHA256

AES128-GCM-SHA2561

ECDHE-RSA-CHACHA20-POLY1305

AES256-SHA256

ECDHE-RSA-AES256-SHA384

AES128-SHA256

ECDHE-RSA-AES128-SHA256

AES256-SHA1

ECDHE-RSA-AES256-SHA1

AES128-SHA1

ECDHE-RSA-AES128-SHA1

 

TLS 1.3

TLS-AES-128-GCM-SHA256

TLS-AES-128-CCM-8-SHA256

TLS-AES-256-GCM-SHA384

TLS-CHACHA20-POLY1305-SHA256

TLS-AES-128-CCM-SHA256

 

 

1 Disabled if strong encryption (strong-crypto) is enabled.

SSH access

SSH access encryption is controlled using the following command:

config system global
    set admin-ssh-v1 {enable | disable}
    set strong-crypto {enable | disable} 
    set ssh-enc-algo <algo_1> [<algo_2> ... <algo_n>]
end

The algorithms available when configuring set ssh-enc-algo are affected by set strong-crypto as follows:

Encryption

Supported Ciphers

Strong

chacha20-poly1305@openssh.com

aes256-ctr

aes128-ctr

aes128-gcm@openssh.com

aes192-ctr

aes256-gcm@openssh.com

Weak

arcfour256

cast128-cbc

arcfour128

aes192-cbc

aes128-cbc

aes256-cbc

3des-cbc

arcfour

blowfish-cbc

rijndael-cbc@lysator.liu.se

SSL VPN

For SSL VPN connections, the TLS versions and cipher suites are controlled using the following commands:

config vpn ssl setting
    set algorithm {high | medium | low}
    set ssl-max-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ssl-min-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ciphersuite {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256}
end

Cipher suites (ciphersuite) can only be selected when the SSL maximum version is TLS 1.3.

When the SSL VPN security level (algorithm) is set to high, only high levels are allowed. When it is set to medium, high and medium levels are allowed. When it is set to low, any level is allowed.

The strong encryption (strong-crypto) command has no effect on the SSL VPN encryption level or ciphers.

Specific cipher suites are supported by each TLS version:

TLS version

Supported Cipher Suites

TLS 1.0

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1

DHE-RSA-AES128-SHA1

DES-CBC3-SHA1

DHE-RSA-SEED-SHA

 

TLS 1.1

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1

DHE-RSA-AES128-SHA

DES-CBC3-SHA1

DHE-RSA-SEED-SHA1

 

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA384

DHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-SHA

DHE-RSA-AES128-CCM8

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES128-CCM

ECDHE-RSA-CHACHA20-POLY1305

AES128-CCM8

DHE-RSA-CHACHA20-POLY1305

AES128-CCM

DHE-RSA-AES256-CCM8

DHE-RSA-AES128-SHA256

DHE-RSA-AES256-CCM

DHE-RSA-AES128-SHA

DHE-RSA-AES256-SHA256

ECDHE-RSA-CAMELLIA128-SHA256

DHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA256

ECDHE-RSA-CAMELLIA256-SHA384

DHE-RSA-SEED-SHA1

DHE-RSA-CAMELLIA256-SHA256

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-CAMELLIA256-SHA

AES128-GCM-SHA256

AES256-GCM-SHA384

AES128-SHA256

AES256-CCM8

AES128-SHA

AES256-CCM

CAMELLIA128-SHA256

AES256-SHA256

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA256

ARIA128-GCM-SHA256

CAMELLIA256-SHA

DHE-RSA-ARIA128-GCM-SHA256

ARIA256-GCM-SHA384

ECDHE-ARIA128-GCM-SHA256

DHE-RSA-ARIA256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ARIA256-GCM-SHA384