DOCUMENT LIBRARY

CLI Reference

Using the CLI
config
execute
- backup
- backup-restore
- blocklist
- certificate
- checklogdisk
- checkmaildisk
- cleanqueue
- create
- date
- db
- dlp
- endpoint
- erase-filesystem
- factoryreset
- factoryreset config
- factoryreset config2
- factoryreset disk
- factoryreset keeplicense
- factoryreset shutdown
- factoryreset2
- factoryreset2 keeplicense
- fips
- formatlogdisk
- formatmaildisk
- formatmaildisk-backup
- forticloud
- ha commands
- ibe data
- ibe user
- license
- lvm
- maintain
- nslookup
- partitionlogdisk
- ping
- ping-option
- ping6
- ping6-option
- raid
- reboot
- reload
- restore as
- restore av
- restore config
- restore image
- restore mail-queues
- safelist
- sched-backup
- shutdown
- smtptest
- ssh
- storage
- telnettest
- traceroute
- update
- user-config
- vm
get
- system performance
- system status
show & show full-configuration
Change Log

Home FortiMail 7.2.5 CLI Reference

7.2.5

system security crypto

system security crypto

Use this command to modify protocol specific crypto configuration.

Syntax

config system security crypto

edit http

set custom-ciphers <ciphers>

set dh-params {1024 | 2048 | 3072 | 4096}

set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}

set status {enable | disable}

set strong-crypto {enable | disable}

edit mail

set custom-ciphers <ciphers>

set dh-params {1024 | 2048 | 3072 | 4096}

set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}

set status {enable | disable}

set strong-crypto {enable | disable}

end

Variable	Description	Default
custom-ciphers <ciphers>	Add ciphers by typing +cipher_names separated by spaces, such as +RC4-SHA +CAMELLIA256-SHA. Delete ciphers by typing -cipher_names separated by spaces, such as -RC4-SHA -CAMELLIA256-SHA. Type ? to see all the supported regular and strong ciphers. The available ciphers for addition are listed under Available ciphers; the Selected ciphers list the ones that have already been added. You can remove ciphers from the Selected ciphers list.
dh-params {1024 \| 2048 \| 3072 \| 4096}	Enter the minimum size in bits of the Diffie-Hellman prime.	1024
ssl-versions {tls1_0 \| tls1_1 \| tls1_2 \| tls1_3}	Enter the SSL protocol version enabled.	tls1_1, tls1_2, tls1_3
status {enable \| disable}	Enable the protocol specific crypto.	disable
strong-crypto {enable \| disable}	Use strong ciphers and digests.	enable

Previous

Next

system security crypto

system security crypto

Use this command to modify protocol specific crypto configuration.

Syntax

config system security crypto

edit http

set custom-ciphers <ciphers>

set dh-params {1024 | 2048 | 3072 | 4096}

set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}

set status {enable | disable}

set strong-crypto {enable | disable}

edit mail

set custom-ciphers <ciphers>

set dh-params {1024 | 2048 | 3072 | 4096}

set ssl-versions {tls1_0 | tls1_1 | tls1_2 | tls1_3}

set status {enable | disable}

set strong-crypto {enable | disable}

end

Variable	Description	Default
custom-ciphers <ciphers>	Add ciphers by typing +cipher_names separated by spaces, such as +RC4-SHA +CAMELLIA256-SHA. Delete ciphers by typing -cipher_names separated by spaces, such as -RC4-SHA -CAMELLIA256-SHA. Type ? to see all the supported regular and strong ciphers. The available ciphers for addition are listed under Available ciphers; the Selected ciphers list the ones that have already been added. You can remove ciphers from the Selected ciphers list.
dh-params {1024 \| 2048 \| 3072 \| 4096}	Enter the minimum size in bits of the Diffie-Hellman prime.	1024
ssl-versions {tls1_0 \| tls1_1 \| tls1_2 \| tls1_3}	Enter the SSL protocol version enabled.	tls1_1, tls1_2, tls1_3
status {enable \| disable}	Enable the protocol specific crypto.	disable
strong-crypto {enable \| disable}	Use strong ciphers and digests.	enable

Previous

Next