Fortinet black logo

Administration Guide

FortiGate encryption algorithm cipher suites

FortiGate encryption algorithm cipher suites

FortiGates use SSL/TLS encryption for HTTPS and SSH administrative access, and SSL VPN remote access. When establishing an SSL/TLS or SSH connection, you can control the encryption level and the ciphers that are used in order to control the security level.

HTTPS access

HTTP administrative access encryption is controlled using the following commands:

config system global
    set strong-crypto {enable | disable}
    set admin-https-ssl-versions {tlsv1-1 tlsv1-2 tlsv1-3}
    set admin-https-ssl-ciphersuites {<cipher_1> ... <cipher_n>}
    set admin-https-ssl-banned-ciphers {<cipher_1> ... <cipher_n>}
end

When strong encryption is enabled, only TLS 1.2 and TLS 1.3 are allowed. If strong encryption is then disabled, TLS 1.1 has to be manually enabled.

Setting admin-https-ssl-ciphersuites controls which cipher suites are offered in TLS 1.3. TLS 1.2 and lower are not affected by this command. To disable all TLS 1.3 cipher suites, remove TLS1-3 from admin-https-ssl-versions.

Setting admin-https-ssl-banned-ciphers controls which cipher technologies will not be offered for TLS 1.2 and lower.

Specific cipher suites are supported by each TLS version:

TLS version

Supported cipher suites

TLS 1.11

ECDHE-RSA-AES256-SHA1

AES256-SHA1

ECDHE-RSA-AES128-SHA1

AES128-SHA1

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

AES256-GCM-SHA3841

ECDHE-RSA-AES128-GCM-SHA256

AES128-GCM-SHA2561

ECDHE-RSA-CHACHA20-POLY1305

AES256-SHA256

ECDHE-RSA-AES256-SHA384

AES128-SHA256

ECDHE-RSA-AES128-SHA256

AES256-SHA1

ECDHE-RSA-AES256-SHA1

AES128-SHA1

ECDHE-RSA-AES128-SHA1

TLS 1.3

TLS-AES-128-GCM-SHA256

TLS-AES-128-CCM-8-SHA256

TLS-AES-256-GCM-SHA384

TLS-CHACHA20-POLY1305-SHA256

TLS-AES-128-CCM-SHA256

1 Disabled if strong encryption (strong-crypto) is enabled.

SSH access

SSH access encryption is controlled using the following command:

config system global
    set admin-ssh-v1 {enable | disable}
    set strong-crypto {enable | disable} 
    set ssh-enc-algo <algo_1> [<algo_2> ... <algo_n>]
    set ssh-kex-algo <algo_1> [<algo_2> ... <algo_n>]
    set ssh-mac-algo <algo_1> [<algo_2> ... <algo_n>]
end

The algorithms available when configuring set ssh-enc-algo are affected by set strong-crypto as follows:

Strong encryption setting

Supported ciphers

Enabled

chacha20-poly1305@openssh.com

aes256-ctr

aes256-gcm@openssh.com

Disabled

chacha20-poly1305@openssh.com aes128-ctr
aes192-ctr aes256-ctr
arcfour256 arcfour128
aes128-cbc 3des-cbc

blowfish-cbc

cast128-cbc

aes192-cbc

aes256-cbc

arcfour

rijndael-cbc@lysator.liu.se

aes128-gcm@openssh.com

aes256-gcm@openssh.com

The following options are available for the ssh-kex-algo algorithm based on the strong encryption setting:

Strong encryption setting

Supported ciphers

Enabled

diffie-hellman-group-exchange-sha256

curve25519-sha256@libssh.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

Disabled

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha1

diffie-hellman-group-exchange-sha256

curve25519-sha256@libssh.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

The following options are available for the ssh-mac-algo algorithm based on the strong encryption setting:

Strong encryption setting

Supported ciphers

Enabled

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

Disabled

hmac-md5

hmac-md5-etm@openssh.com

hmac-md5-96

hmac-md5-96-etm@openssh.com

hmac-sha1

hmac-sha1-etm@openssh.com

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

hmac-ripemd160

hmac-ripemd160@openssh.com

hmac-ripemd160-etm@openssh.com

umac-64@openssh.com

umac-128@openssh.com

umac-64-etm@openssh.com

umac-128-etm@openssh.com

SSL VPN

For SSL VPN connections, the TLS versions and cipher suites are controlled using the following commands:

config vpn ssl setting
    set algorithm {high | medium | low}
    set ssl-max-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ssl-min-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ciphersuite {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256}
end
Note

Only cipher suites supported by TLS 1.3 can be set using the set ciphersuite command.

When the SSL VPN security level (algorithm) is set to high, only high levels are allowed. When it is set to medium, high and medium levels are allowed. When it is set to low, any level is allowed.

The strong encryption (strong-crypto) command has no effect on the SSL VPN encryption level or ciphers.

Specific cipher suites are supported by each TLS version:

TLS version

Supported cipher suites

TLS 1.0

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1*

DHE-RSA-AES128-SHA1

DES-CBC3-SHA1*

DHE-RSA-SEED-SHA

TLS 1.1

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1*

DHE-RSA-AES128-SHA

DES-CBC3-SHA1*

DHE-RSA-SEED-SHA1

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA384

DHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-SHA

DHE-RSA-AES128-CCM8

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES128-CCM

ECDHE-RSA-CHACHA20-POLY1305

AES128-CCM8

DHE-RSA-CHACHA20-POLY1305

AES128-CCM

DHE-RSA-AES256-CCM8

DHE-RSA-AES128-SHA256

DHE-RSA-AES256-CCM

DHE-RSA-AES128-SHA

DHE-RSA-AES256-SHA256

ECDHE-RSA-CAMELLIA128-SHA256

DHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA256

ECDHE-RSA-CAMELLIA256-SHA384

DHE-RSA-SEED-SHA1

DHE-RSA-CAMELLIA256-SHA256

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-CAMELLIA256-SHA

AES128-GCM-SHA256

AES256-GCM-SHA384

AES128-SHA256

AES256-CCM8

AES128-SHA

AES256-CCM

CAMELLIA128-SHA256

AES256-SHA256

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA256

ARIA128-GCM-SHA256

CAMELLIA256-SHA

DHE-RSA-ARIA128-GCM-SHA256

ARIA256-GCM-SHA384

ECDHE-ARIA128-GCM-SHA256

DHE-RSA-ARIA256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ARIA256-GCM-SHA384

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-GCM-SHA256

EDH-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA256

DES-CBC3-SHA1*

TLS 1.3

TLS_AES_256_GCM_SHA384

TLS_AES_128_CCM_SHA256

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_CCM_8_SHA256

TLS_AES_128_GCM_SHA256

1 This cipher is not available when the SSL VPN security level (algorithm) is set to high.

* This cipher is not available when the SSL VPN security level (algorithm) is set to medium.

Additional features

Security hardening for other FortiOS features can also be achieved by managing the encryption level or ciphers. See SSL algorithm security level for more information about different levels of security.

Note

An asterisk (*) represents the default values for each feature.

Some of these features are described next.

WAN optimization

For WAN optimization tunnel connections, the encryption algorithm is controlled using the following commands:

config wanopt settings
    set tunnel-ssl-algorithm {high* | medium | low}
end

Explicit FTP proxy

For explicit FTP proxy, the encryption algorithm is controlled using the following commands:

config ftp-proxy explicit
    set ssl-algorithm { high* | medium | low}
end

Explicit web proxy

For explicit web proxy, the encryption algorithm is controlled using the following commands:

config web-proxy explicit
    set ssl-algorithm {high | medium | low*}
end

SSL Server

For SSL server, the TLS versions and the encryption algorithm are controlled using the following commands:

config firewall ssl-server
    edit <name>
        set ssl-algorithm {high* |medium | low}
        set ssl-max-version {tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3}
        set ssl-min-version {tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*}
    next
end

VIP

For VIP, the TLS versions and the encryption algorithm are controlled using the following commands:

config firewall vip
        set ssl-max-version {ssl-3.0|tls-1.1 | tls1-2 | tls-1.3* | client}
        set ssl-min-version {ssl-3.0|tls-1.1* | tls1-2 | tls-1.3 |client}
        set ssl-algorithm {high* | medium | low | custom}
        config ssl-cipher-suites
            edit <priority>
                set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...}
                set versions {option1}, {option2}, ...
            next
        end
        set ssl-server-max-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*}        
        set ssl-server-min-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*}

        set ssl-server-algorithm {high | medium | low | custom | client* }
        config ssl-server-cipher-suites
            edit <priority>
                set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...}
                set versions {option1}, {option2}, ...
            next
        end
    next
end
Note

The commands config ssl-server-cipher-suites and config ssl-cipher-suites are only available when set ssl-algorithm and set ssl-server-algorithm are set to custom. It is recommended to exercise caution when manually configuring cipher suites, as selecting a cipher with an incompatible version may result in unexpected issues.

VoIP

For VoIP, the TLS versions and the encryption algorithm are controlled using the following commands:

config voip profile
      edit <name>
     config sip
        set ssl-algorithm {high* |medium | low}
        set ssl-max-version {ssl-3.0 | tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3}
        set ssl-min-version {ssl-3.0 | tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*}
    next
end

SSL algorithm security level

Option

Description

high

High encryption. Allow only AES and ChaCha.

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

*custom

Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.

*client

Use the same encryption algorithms for both client and server sessions.

Note

The SSL algorithm security levels marked with an asterisk (*) are not supported across different FortiOS features.

Other Products

The security level of communication to and from FortiOS can be managed by controlling the encryption level and ciphers used. See Encryption algorithm security level for more information about different levels of security.

Note

An asterisk (*) represents the default value for each product.

Some products that commonly interact with the FortiGate device are listed next.

syslog server

For syslog server, the TLS versions and the encryption algorithm are controlled using the following commands:

config log syslogd setting
    set enc-algorithm {high-medium | high | low | disable*}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end
config log syslogd override-setting
    set enc-algorithm {high-medium | high | low | disable*}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end
Note

The command ssl-min-proto-version set to default means that the system global setting will be followed.

FortiCloud

For logging to FortiCloud, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortiguard setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end

FortiAnalyzer Cloud

For FortiAnalyzer Cloud, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortianalyzer-cloud setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

FortiAnalyzer

For FortiAnalyzer, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortianalyzer setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end
config log fortianalyzer override-setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

FortiSandbox

For FortiSandbox, the TLS versions and the encryption algorithm are controlled using the following commands:

config system fortisandbox
    set enc-algorithm {default* | high | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end

FortiManager

For central management, the TLS versions and the encryption algorithm are controlled using the following commands:

config system central-management
    set enc-algorithm {default | high* | low}
end

Encryption algorithm security level

Option

Description

*high-medium/ default

SSL communication with high and medium encryption algorithms.

high

SSL communication with high encryption algorithm

low

SSL communication with low encryption algorithms.

*disable

Disable SSL communication.
Note

Encryption algorithm security levels marked with an asterisk (*) are not supported across different products.

FortiGate encryption algorithm cipher suites

FortiGates use SSL/TLS encryption for HTTPS and SSH administrative access, and SSL VPN remote access. When establishing an SSL/TLS or SSH connection, you can control the encryption level and the ciphers that are used in order to control the security level.

HTTPS access

HTTP administrative access encryption is controlled using the following commands:

config system global
    set strong-crypto {enable | disable}
    set admin-https-ssl-versions {tlsv1-1 tlsv1-2 tlsv1-3}
    set admin-https-ssl-ciphersuites {<cipher_1> ... <cipher_n>}
    set admin-https-ssl-banned-ciphers {<cipher_1> ... <cipher_n>}
end

When strong encryption is enabled, only TLS 1.2 and TLS 1.3 are allowed. If strong encryption is then disabled, TLS 1.1 has to be manually enabled.

Setting admin-https-ssl-ciphersuites controls which cipher suites are offered in TLS 1.3. TLS 1.2 and lower are not affected by this command. To disable all TLS 1.3 cipher suites, remove TLS1-3 from admin-https-ssl-versions.

Setting admin-https-ssl-banned-ciphers controls which cipher technologies will not be offered for TLS 1.2 and lower.

Specific cipher suites are supported by each TLS version:

TLS version

Supported cipher suites

TLS 1.11

ECDHE-RSA-AES256-SHA1

AES256-SHA1

ECDHE-RSA-AES128-SHA1

AES128-SHA1

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

AES256-GCM-SHA3841

ECDHE-RSA-AES128-GCM-SHA256

AES128-GCM-SHA2561

ECDHE-RSA-CHACHA20-POLY1305

AES256-SHA256

ECDHE-RSA-AES256-SHA384

AES128-SHA256

ECDHE-RSA-AES128-SHA256

AES256-SHA1

ECDHE-RSA-AES256-SHA1

AES128-SHA1

ECDHE-RSA-AES128-SHA1

TLS 1.3

TLS-AES-128-GCM-SHA256

TLS-AES-128-CCM-8-SHA256

TLS-AES-256-GCM-SHA384

TLS-CHACHA20-POLY1305-SHA256

TLS-AES-128-CCM-SHA256

1 Disabled if strong encryption (strong-crypto) is enabled.

SSH access

SSH access encryption is controlled using the following command:

config system global
    set admin-ssh-v1 {enable | disable}
    set strong-crypto {enable | disable} 
    set ssh-enc-algo <algo_1> [<algo_2> ... <algo_n>]
    set ssh-kex-algo <algo_1> [<algo_2> ... <algo_n>]
    set ssh-mac-algo <algo_1> [<algo_2> ... <algo_n>]
end

The algorithms available when configuring set ssh-enc-algo are affected by set strong-crypto as follows:

Strong encryption setting

Supported ciphers

Enabled

chacha20-poly1305@openssh.com

aes256-ctr

aes256-gcm@openssh.com

Disabled

chacha20-poly1305@openssh.com aes128-ctr
aes192-ctr aes256-ctr
arcfour256 arcfour128
aes128-cbc 3des-cbc

blowfish-cbc

cast128-cbc

aes192-cbc

aes256-cbc

arcfour

rijndael-cbc@lysator.liu.se

aes128-gcm@openssh.com

aes256-gcm@openssh.com

The following options are available for the ssh-kex-algo algorithm based on the strong encryption setting:

Strong encryption setting

Supported ciphers

Enabled

diffie-hellman-group-exchange-sha256

curve25519-sha256@libssh.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

Disabled

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha1

diffie-hellman-group-exchange-sha256

curve25519-sha256@libssh.org

ecdh-sha2-nistp256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

The following options are available for the ssh-mac-algo algorithm based on the strong encryption setting:

Strong encryption setting

Supported ciphers

Enabled

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

Disabled

hmac-md5

hmac-md5-etm@openssh.com

hmac-md5-96

hmac-md5-96-etm@openssh.com

hmac-sha1

hmac-sha1-etm@openssh.com

hmac-sha2-256

hmac-sha2-256-etm@openssh.com

hmac-sha2-512

hmac-sha2-512-etm@openssh.com

hmac-ripemd160

hmac-ripemd160@openssh.com

hmac-ripemd160-etm@openssh.com

umac-64@openssh.com

umac-128@openssh.com

umac-64-etm@openssh.com

umac-128-etm@openssh.com

SSL VPN

For SSL VPN connections, the TLS versions and cipher suites are controlled using the following commands:

config vpn ssl setting
    set algorithm {high | medium | low}
    set ssl-max-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ssl-min-proto-ver {tls1-0 | tls1-1 | tls1-2 | tls1-3}
    set ciphersuite {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256}
end
Note

Only cipher suites supported by TLS 1.3 can be set using the set ciphersuite command.

When the SSL VPN security level (algorithm) is set to high, only high levels are allowed. When it is set to medium, high and medium levels are allowed. When it is set to low, any level is allowed.

The strong encryption (strong-crypto) command has no effect on the SSL VPN encryption level or ciphers.

Specific cipher suites are supported by each TLS version:

TLS version

Supported cipher suites

TLS 1.0

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1*

DHE-RSA-AES128-SHA1

DES-CBC3-SHA1*

DHE-RSA-SEED-SHA

TLS 1.1

ECDHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-AES256-SHA

AES128-SHA

DHE-RSA-CAMELLIA256-SHA

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA

EDH-RSA-DES-CBC3-SHA1*

DHE-RSA-AES128-SHA

DES-CBC3-SHA1*

DHE-RSA-SEED-SHA1

TLS 1.2

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA384

DHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-SHA

DHE-RSA-AES128-CCM8

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES128-CCM

ECDHE-RSA-CHACHA20-POLY1305

AES128-CCM8

DHE-RSA-CHACHA20-POLY1305

AES128-CCM

DHE-RSA-AES256-CCM8

DHE-RSA-AES128-SHA256

DHE-RSA-AES256-CCM

DHE-RSA-AES128-SHA

DHE-RSA-AES256-SHA256

ECDHE-RSA-CAMELLIA128-SHA256

DHE-RSA-AES256-SHA

DHE-RSA-CAMELLIA128-SHA256

ECDHE-RSA-CAMELLIA256-SHA384

DHE-RSA-SEED-SHA1

DHE-RSA-CAMELLIA256-SHA256

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-CAMELLIA256-SHA

AES128-GCM-SHA256

AES256-GCM-SHA384

AES128-SHA256

AES256-CCM8

AES128-SHA

AES256-CCM

CAMELLIA128-SHA256

AES256-SHA256

SEED-SHA1

AES256-SHA

CAMELLIA128-SHA

CAMELLIA256-SHA256

ARIA128-GCM-SHA256

CAMELLIA256-SHA

DHE-RSA-ARIA128-GCM-SHA256

ARIA256-GCM-SHA384

ECDHE-ARIA128-GCM-SHA256

DHE-RSA-ARIA256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ARIA256-GCM-SHA384

ECDHE-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-GCM-SHA256

EDH-RSA-DES-CBC3-SHA1*

ECDHE-RSA-AES128-SHA256

DES-CBC3-SHA1*

TLS 1.3

TLS_AES_256_GCM_SHA384

TLS_AES_128_CCM_SHA256

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_CCM_8_SHA256

TLS_AES_128_GCM_SHA256

1 This cipher is not available when the SSL VPN security level (algorithm) is set to high.

* This cipher is not available when the SSL VPN security level (algorithm) is set to medium.

Additional features

Security hardening for other FortiOS features can also be achieved by managing the encryption level or ciphers. See SSL algorithm security level for more information about different levels of security.

Note

An asterisk (*) represents the default values for each feature.

Some of these features are described next.

WAN optimization

For WAN optimization tunnel connections, the encryption algorithm is controlled using the following commands:

config wanopt settings
    set tunnel-ssl-algorithm {high* | medium | low}
end

Explicit FTP proxy

For explicit FTP proxy, the encryption algorithm is controlled using the following commands:

config ftp-proxy explicit
    set ssl-algorithm { high* | medium | low}
end

Explicit web proxy

For explicit web proxy, the encryption algorithm is controlled using the following commands:

config web-proxy explicit
    set ssl-algorithm {high | medium | low*}
end

SSL Server

For SSL server, the TLS versions and the encryption algorithm are controlled using the following commands:

config firewall ssl-server
    edit <name>
        set ssl-algorithm {high* |medium | low}
        set ssl-max-version {tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3}
        set ssl-min-version {tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*}
    next
end

VIP

For VIP, the TLS versions and the encryption algorithm are controlled using the following commands:

config firewall vip
        set ssl-max-version {ssl-3.0|tls-1.1 | tls1-2 | tls-1.3* | client}
        set ssl-min-version {ssl-3.0|tls-1.1* | tls1-2 | tls-1.3 |client}
        set ssl-algorithm {high* | medium | low | custom}
        config ssl-cipher-suites
            edit <priority>
                set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...}
                set versions {option1}, {option2}, ...
            next
        end
        set ssl-server-max-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*}        
        set ssl-server-min-version [ssl-3.0|tls-1.1 | tls1-2 | tls-1.3 | client*}

        set ssl-server-algorithm {high | medium | low | custom | client* }
        config ssl-server-cipher-suites
            edit <priority>
                set cipher {TLS-AES-128-GCM-SHA256 | TLS-AES-256-GCM-SHA384|...}
                set versions {option1}, {option2}, ...
            next
        end
    next
end
Note

The commands config ssl-server-cipher-suites and config ssl-cipher-suites are only available when set ssl-algorithm and set ssl-server-algorithm are set to custom. It is recommended to exercise caution when manually configuring cipher suites, as selecting a cipher with an incompatible version may result in unexpected issues.

VoIP

For VoIP, the TLS versions and the encryption algorithm are controlled using the following commands:

config voip profile
      edit <name>
     config sip
        set ssl-algorithm {high* |medium | low}
        set ssl-max-version {ssl-3.0 | tls-1.0* |tls-1.1 | tls-1.2 | tls-1.3}
        set ssl-min-version {ssl-3.0 | tls-1.0 |tls-1.1 | tls-1.2 | tls-1.3*}
    next
end

SSL algorithm security level

Option

Description

high

High encryption. Allow only AES and ChaCha.

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

*custom

Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.

*client

Use the same encryption algorithms for both client and server sessions.

Note

The SSL algorithm security levels marked with an asterisk (*) are not supported across different FortiOS features.

Other Products

The security level of communication to and from FortiOS can be managed by controlling the encryption level and ciphers used. See Encryption algorithm security level for more information about different levels of security.

Note

An asterisk (*) represents the default value for each product.

Some products that commonly interact with the FortiGate device are listed next.

syslog server

For syslog server, the TLS versions and the encryption algorithm are controlled using the following commands:

config log syslogd setting
    set enc-algorithm {high-medium | high | low | disable*}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end
config log syslogd override-setting
    set enc-algorithm {high-medium | high | low | disable*}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end
Note

The command ssl-min-proto-version set to default means that the system global setting will be followed.

FortiCloud

For logging to FortiCloud, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortiguard setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end

FortiAnalyzer Cloud

For FortiAnalyzer Cloud, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortianalyzer-cloud setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

FortiAnalyzer

For FortiAnalyzer, the TLS versions and the encryption algorithm are controlled using the following commands:

config log fortianalyzer setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end
config log fortianalyzer override-setting
    set enc-algorithm {high-medium | high* | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

FortiSandbox

For FortiSandbox, the TLS versions and the encryption algorithm are controlled using the following commands:

config system fortisandbox
    set enc-algorithm {default* | high | low}
    set ssl-min-proto-version {default* | SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2}
end

FortiManager

For central management, the TLS versions and the encryption algorithm are controlled using the following commands:

config system central-management
    set enc-algorithm {default | high* | low}
end

Encryption algorithm security level

Option

Description

*high-medium/ default

SSL communication with high and medium encryption algorithms.

high

SSL communication with high encryption algorithm

low

SSL communication with low encryption algorithms.

*disable

Disable SSL communication.
Note

Encryption algorithm security levels marked with an asterisk (*) are not supported across different products.