
CLI Reference

system security crypto

Use this command to modify the protocol-specific crypto configuration.

Syntax

config system security crypto
    edit http
        set custom-ciphers <ciphers>
        set dh-params {1024 | 2048 | 3072 | 4096}
        set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}
        set status {enable | disable}
        set strong-crypto {enable | disable}
    edit mail
        set custom-ciphers <ciphers>
        set dh-params {1024 | 2048 | 3072 | 4096}
        set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}
        set status {enable | disable}
        set strong-crypto {enable | disable}
end

Variable: custom-ciphers <ciphers>
Description: Add ciphers by typing +cipher_names separated by spaces, such as +RC4-SHA +CAMELLIA256-SHA. Delete ciphers by typing -cipher_names separated by spaces, such as -RC4-SHA -CAMELLIA256-SHA. Type ? to see all the supported regular and strong ciphers. The ciphers available for addition are listed under Available ciphers; the Selected ciphers list shows the ones that have already been added. You can remove ciphers from the Selected ciphers list.

Variable: dh-params {1024 | 2048 | 3072 | 4096}
Description: Enter the minimum size in bits of the Diffie-Hellman prime.
Default: 1024

Variable: ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}
Description: Enter the SSL/TLS protocol versions to enable.
Default: tls1_1, tls1_2, tls1_3

Variable: status {enable | disable}
Description: Enable or disable the protocol-specific crypto configuration.
Default: disable

Variable: strong-crypto {enable | disable}
Description: Enable or disable the use of strong ciphers and digests.
Default: enable
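Added example (not part of Fortinet's reference): a Python audit of a saved config system security crypto block, applying the defaults listed above when a set line is absent and checking against a policy chosen for this example (Diffie-Hellman prime of at least 2048 bits, no TLS 1.0 or 1.1, strong-crypto enabled, no RC4 cipher added). The sample config is constructed, and the next separators and space-separated ssl-versions values are assumptions about how a saved config is written.

```python
import re

# Constructed sample; "next" and space-separated values are assumed syntax.
SAMPLE = """\
config system security crypto
    edit http
        set status enable
        set dh-params 1024
        set ssl-versions tls1_0 tls1_1 tls1_2
        set custom-ciphers +RC4-SHA
    next
    edit mail
        set status enable
        set ssl-versions tls1_2 tls1_3
    next
end
"""
# Defaults from the table on this page, applied when a "set" line is absent.
DEFAULTS = {"dh-params": "1024", "ssl-versions": "tls1_1 tls1_2 tls1_3",
            "status": "disable", "strong-crypto": "enable", "custom-ciphers": ""}

def parse(text):
    """Return {protocol: {variable: value}} for each "edit" entry."""
    entries, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "edit":
            current = entries.setdefault(words[1], dict(DEFAULTS))
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = " ".join(words[2:])
    return entries

def audit(text):
    """Return sorted (protocol, finding) pairs; thresholds are this example's policy."""
    findings = []
    for proto, cfg in parse(text).items():
        if cfg["status"] != "enable":
            findings.append((proto, "protocol-specific crypto not enabled"))
        if int(cfg["dh-params"]) < 2048:
            findings.append((proto, "dh-params below 2048"))
        for version in re.split(r"[,\s]+", cfg["ssl-versions"]):
            if version in ("tls1_0", "tls1_1"):
                findings.append((proto, version + " enabled"))
        if cfg["strong-crypto"] != "enable":
            findings.append((proto, "strong-crypto disabled"))
        for cipher in cfg["custom-ciphers"].split():
            if cipher.startswith("+") and "RC4" in cipher:
                findings.append((proto, "RC4 cipher added: " + cipher[1:]))
    return sorted(findings)
```

In the sample, the mail entry sets no dh-params, so the audit reports it at the default of 1024.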
