FortiGate encryption algorithm cipher suites
FortiGates use SSL/TLS encryption for HTTPS and SSH administrative access, and SSL VPN remote access. When establishing an SSL/TLS or SSH connection, you can control the encryption level and the ciphers that are used in order to control the security level.
HTTPS access
HTTP administrative access encryption is controlled using the following commands:
config system global set strong-crypto {enable | disable} set admin-https-ssl-versions {tlsv1-1 tlsv1-2 tlsv1-3} set admin-https-ssl-ciphersuites {<cipher_1> ... <cipher_n>} set admin-https-ssl-banned-ciphers {<cipher_1> ... <cipher_n>} end
When strong encryption is enabled, only TLS 1.2 and TLS 1.3 are allowed. If strong encryption is then disabled, TLS 1.1 has to be manually enabled.
Setting admin-https-ssl-ciphersuites
controls which cipher suites are offered in TLS 1.3. TLS 1.2 and lower are not affected by this command. To disable all TLS 1.3 cipher suites, remove TLS1-3 from admin-https-ssl-versions
.
Setting admin-https-ssl-banned-ciphers
controls which cipher technologies will not be offered for TLS 1.2 and lower.
Specific cipher suites are supported by each TLS version:
TLS version |
Supported cipher suites |
|
---|---|---|
|
|
|
TLS 1.11 |
ECDHE-RSA-AES256-SHA1 |
AES256-SHA1 |
ECDHE-RSA-AES128-SHA1 |
AES128-SHA1 |
|
TLS 1.2 |
ECDHE-RSA-AES256-GCM-SHA384 |
AES256-GCM-SHA3841 |
ECDHE-RSA-AES128-GCM-SHA256 |
AES128-GCM-SHA2561 |
|
ECDHE-RSA-CHACHA20-POLY1305 |
AES256-SHA256 |
|
ECDHE-RSA-AES256-SHA384 |
AES128-SHA256 |
|
ECDHE-RSA-AES128-SHA256 |
AES256-SHA1 |
|
ECDHE-RSA-AES256-SHA1 |
AES128-SHA1 |
|
ECDHE-RSA-AES128-SHA1 |
|
|
TLS 1.3 |
TLS-AES-128-GCM-SHA256 |
TLS-AES-128-CCM-8-SHA256 |
TLS-AES-256-GCM-SHA384 |
TLS-CHACHA20-POLY1305-SHA256 |
|
TLS-AES-128-CCM-SHA256 |
|
|
1 Disabled if strong encryption (strong-crypto
) is enabled.
SSH access
SSH access encryption is controlled using the following command:
config system global set admin-ssh-v1 {enable | disable} set strong-crypto {enable | disable} set ssh-enc-algo <algo_1> [<algo_2> ... <algo_n>] set ssh-kex-algo <algo_1> [<algo_2> ... <algo_n>] set ssh-mac-algo <algo_1> [<algo_2> ... <algo_n>] end
The algorithms available when configuring set ssh-enc-algo
are affected by set strong-crypto
as follows:
Strong encryption setting |
Supported ciphers |
|
---|---|---|
Enabled |
chacha20-poly1305@openssh.com |
aes256-ctr |
aes256-gcm@openssh.com |
|
|
Disabled |
chacha20-poly1305@openssh.com | aes128-ctr |
aes192-ctr | aes256-ctr | |
arcfour256 | arcfour128 | |
aes128-cbc | 3des-cbc | |
blowfish-cbc |
cast128-cbc |
|
aes192-cbc |
aes256-cbc |
|
arcfour |
rijndael-cbc@lysator.liu.se |
|
aes128-gcm@openssh.com |
aes256-gcm@openssh.com |
The following options are available for the ssh-kex-algo
algorithm based on the strong encryption setting:
Strong encryption setting |
Supported ciphers |
|
---|---|---|
Enabled |
diffie-hellman-group-exchange-sha256 |
curve25519-sha256@libssh.org |
ecdh-sha2-nistp256 |
ecdh-sha2-nistp384 |
|
ecdh-sha2-nistp521 |
|
|
Disabled |
diffie-hellman-group14-sha1 |
diffie-hellman-group-exchange-sha1 |
diffie-hellman-group-exchange-sha256 |
curve25519-sha256@libssh.org |
|
ecdh-sha2-nistp256 |
ecdh-sha2-nistp384 |
|
ecdh-sha2-nistp521 |
|
The following options are available for the ssh-mac-algo
algorithm based on the strong encryption setting:
Strong encryption setting |
Supported ciphers |
|
---|---|---|
Enabled |
hmac-sha2-256 |
hmac-sha2-256-etm@openssh.com |
hmac-sha2-512 |
hmac-sha2-512-etm@openssh.com |
|
Disabled |
hmac-md5 |
hmac-md5-etm@openssh.com |
hmac-md5-96 |
hmac-md5-96-etm@openssh.com |
|
hmac-sha1 |
hmac-sha1-etm@openssh.com |
|
hmac-sha2-256 |
hmac-sha2-256-etm@openssh.com |
|
hmac-sha2-512 |
hmac-sha2-512-etm@openssh.com |
|
hmac-ripemd160 |
hmac-ripemd160@openssh.com |
|
hmac-ripemd160-etm@openssh.com |
umac-64@openssh.com |
|
umac-128@openssh.com |
umac-64-etm@openssh.com |
|
umac-128-etm@openssh.com |
|
SSL VPN
For SSL VPN connections, the TLS versions and cipher suites are controlled using the following commands:
config vpn ssl setting set algorithm {high | medium | low} set ssl-max-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3} set ssl-min-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3} set ciphersuite {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256} end
Only cipher suites supported by TLS 1.3 can be set using the |
When the SSL VPN security level (algorithm
) is set to high, only high levels are allowed. When it is set to medium, high and medium levels are allowed. When it is set to low, any level is allowed.
The strong encryption (strong-crypto
) command has no effect on the SSL VPN encryption level or ciphers.
Specific cipher suites are supported by each TLS version:
TLS version |
Supported cipher suites |
|
---|---|---|
TLS 1.0 |
ECDHE-RSA-AES256-SHA |
DHE-RSA-CAMELLIA128-SHA |
DHE-RSA-AES256-SHA |
AES128-SHA |
|
DHE-RSA-CAMELLIA256-SHA |
SEED-SHA1 |
|
AES256-SHA |
CAMELLIA128-SHA |
|
CAMELLIA256-SHA |
ECDHE-RSA-DES-CBC3-SHA1* |
|
ECDHE-RSA-AES128-SHA |
EDH-RSA-DES-CBC3-SHA1* |
|
DHE-RSA-AES128-SHA1 |
DES-CBC3-SHA1* |
|
DHE-RSA-SEED-SHA |
|
|
TLS 1.1 |
ECDHE-RSA-AES256-SHA |
DHE-RSA-CAMELLIA128-SHA |
DHE-RSA-AES256-SHA |
AES128-SHA |
|
DHE-RSA-CAMELLIA256-SHA |
SEED-SHA1 |
|
AES256-SHA |
CAMELLIA128-SHA |
|
CAMELLIA256-SHA |
ECDHE-RSA-DES-CBC3-SHA1* |
|
ECDHE-RSA-AES128-SHA |
EDH-RSA-DES-CBC3-SHA1* |
|
DHE-RSA-AES128-SHA |
DES-CBC3-SHA1* |
|
DHE-RSA-SEED-SHA1 |
|
|
TLS 1.2 |
ECDHE-RSA-AES256-GCM-SHA384 |
ECDHE-RSA-AES128-SHA |
ECDHE-RSA-AES256-SHA384 |
DHE-RSA-AES128-GCM-SHA256 |
|
ECDHE-RSA-AES256-SHA |
DHE-RSA-AES128-CCM8 |
|
DHE-RSA-AES256-GCM-SHA384 |
DHE-RSA-AES128-CCM |
|
ECDHE-RSA-CHACHA20-POLY1305 |
AES128-CCM8 |
|
DHE-RSA-CHACHA20-POLY1305 |
AES128-CCM |
|
DHE-RSA-AES256-CCM8 |
DHE-RSA-AES128-SHA256 |
|
DHE-RSA-AES256-CCM |
DHE-RSA-AES128-SHA |
|
DHE-RSA-AES256-SHA256 |
ECDHE-RSA-CAMELLIA128-SHA256 |
|
DHE-RSA-AES256-SHA |
DHE-RSA-CAMELLIA128-SHA256 |
|
ECDHE-RSA-CAMELLIA256-SHA384 |
DHE-RSA-SEED-SHA1 |
|
DHE-RSA-CAMELLIA256-SHA256 |
DHE-RSA-CAMELLIA128-SHA |
|
DHE-RSA-CAMELLIA256-SHA |
AES128-GCM-SHA256 |
|
AES256-GCM-SHA384 |
AES128-SHA256 |
|
AES256-CCM8 |
AES128-SHA |
|
AES256-CCM |
CAMELLIA128-SHA256 |
|
AES256-SHA256 |
SEED-SHA1 |
|
AES256-SHA |
CAMELLIA128-SHA |
|
CAMELLIA256-SHA256 |
ARIA128-GCM-SHA256 |
|
CAMELLIA256-SHA |
DHE-RSA-ARIA128-GCM-SHA256 |
|
ARIA256-GCM-SHA384 |
ECDHE-ARIA128-GCM-SHA256 |
|
DHE-RSA-ARIA256-GCM-SHA384 |
ECDHE-RSA-AES256-GCM-SHA384 |
|
ECDHE-ARIA256-GCM-SHA384 |
ECDHE-RSA-DES-CBC3-SHA1* |
|
ECDHE-RSA-AES128-GCM-SHA256 |
EDH-RSA-DES-CBC3-SHA1* |
|
ECDHE-RSA-AES128-SHA256 |
DES-CBC3-SHA1* |
|
TLS 1.3 |
TLS_AES_256_GCM_SHA384 |
TLS_AES_128_CCM_SHA256 |
TLS_CHACHA20_POLY1305_SHA256 |
TLS_AES_128_CCM_8_SHA256 |
|
TLS_AES_128_GCM_SHA256 |
|
1 This cipher is not available when the SSL VPN security level (algorithm
) is set to high.
* This cipher is not available when the SSL VPN security level (algorithm
) is set to medium.
Additional features
Security hardening for other FortiOS features can also be achieved by managing the encryption level or ciphers. See SSL algorithm security level for more information about different levels of security.
An asterisk (*) represents the default values for each feature. |
Some of these features are described next.
WAN optimization
For WAN optimization tunnel connections, the encryption algorithm is controlled using the following commands:
config wanopt settings set tunnel-ssl-algorithm {high* | medium | low} end
Explicit FTP proxy
For explicit FTP proxy, the encryption algorithm is controlled using the following commands:
config ftp-proxy explicit set ssl-algorithm { high* | medium | low} end
Explicit web proxy
For explicit web proxy, the encryption algorithm is controlled using the following commands:
config web-proxy explicit set ssl-algorithm {high | medium | low*} end
SSL Server
For SSL server, the TLS versions and the encryption algorithm are controlled using the following commands:
config firewall ssl-server edit <name> set ssl-algorithm {high* |medium | low} set ssl-max-version {tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3} set ssl-min-version {tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*} next end
VIP
For VIP, the TLS versions and the encryption algorithm are controlled using the following commands:
config firewall vip set ssl-max-version {ssl-3.0|tls-1.1 | tls1-2 | tls-1.3* | client} set ssl-min-version {ssl-3.0|tls-1.1* | tls1-2 | tls-1.3 |client} set ssl-algorithm {high* | medium | low | custom} config ssl-cipher-suites edit <priority> set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...} set versions {option1}, {option2}, ... next end set ssl-server-max-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*} set ssl-server-min-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*} set ssl-server-algorithm {high | medium | low | custom | client* } config ssl-server-cipher-suites edit <priority> set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...} set versions {option1}, {option2}, ... next end next end
The command
Similarly, the command
|
VoIP
For VoIP, the TLS versions and the encryption algorithm are controlled using the following commands:
config voip profile edit <name> config sip set ssl-algorithm {high* |medium | low} set ssl-max-version {ssl-3.0 | tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3} set ssl-min-version {ssl-3.0 | tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*} next end
SSL algorithm security level
Option |
Description |
---|---|
high |
High encryption. Allow only AES and ChaCha. |
medium |
Medium encryption. Allow AES, ChaCha, 3DES, and RC4. |
low |
Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
*custom |
Custom encryption. Use
|
*client |
Use the same encryption algorithms for both client and server sessions. |
The SSL algorithm security levels marked with an asterisk (*) are not supported across different FortiOS features. |
Other Products
The security level of communication to and from FortiOS can be managed by controlling the encryption level and ciphers used. See Encryption algorithm security level for more information about different levels of security.
An asterisk (*) represents the default value for each product. |
Some products that commonly interact with the FortiGate device are listed next.
syslog server
For syslog server, the TLS versions and the encryption algorithm are controlled using the following commands:
config log syslogd setting set enc-algorithm {high-medium | high | low | disable*} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2} end config log syslogd override-setting set enc-algorithm {high-medium | high | low | disable*} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2} end
The command |
FortiCloud
For logging to FortiCloud, the TLS versions and the encryption algorithm are controlled using the following commands:
config log fortiguard setting set enc-algorithm {high-medium | high* | low} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2} end
FortiAnalyzer Cloud
For FortiAnalyzer Cloud, the TLS versions and the encryption algorithm are controlled using the following commands:
config log fortianalyzer-cloud setting set enc-algorithm {high-medium | high* | low} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3} end
FortiAnalyzer
For FortiAnalyzer, the TLS versions and the encryption algorithm are controlled using the following commands:
config log fortianalyzer setting set enc-algorithm {high-medium | high* | low} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3} end config log fortianalyzer override-setting set enc-algorithm {high-medium | high* | low} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3} end
FortiSandbox
For FortiSandbox, the TLS versions and the encryption algorithm are controlled using the following commands:
config system fortisandbox set enc-algorithm {default* | high | low} set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2} end
FortiManager
For central management, the TLS versions and the encryption algorithm are controlled using the following commands:
config system central-management set enc-algorithm {default | high* | low} end
Encryption algorithm security level
Option |
Description |
---|---|
*high-medium/ default |
SSL communication with high and medium encryption algorithms. |
high |
SSL communication with high encryption algorithm |
low |
SSL communication with low encryption algorithms. |
*disable |
Disable SSL communication. |
Encryption algorithm security levels marked with an asterisk (*) are not supported across different products. |