Fortinet white logo
Fortinet white logo

Administration Guide

TLS configuration

TLS configuration

The minimum TLS version that is used for local out connections from the FortiProxy can be configured in the CLI:

config system global
    set ssl-min-proto-version {SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

By default, the minimum version is TLSv1.2. The FortiProxy will try to negotiate a connection using the configured version or higher. If the server that FortiProxy is connecting to does not support the version, then the connection will not be made. Some FortiCloud and FortiGuard services do not support TLSv1.3.

Minimum SSL/TLS versions can also be configured individually for the following settings, not all of which support TLSv1.3:

Setting

CLI

TLSv1.3 Support

Email server

config system email-server

No

Certificate

config vpn certificate setting

No

FortiSandbox

config system fortisandbox

No

FortiGuard

config log fortiguard setting

No

FortiAnalyzer

config log fortianalyzer setting

No

Syslog

config log syslogd setting

No

User Authentication

config user setting

Yes

LDAP server

config user ldap

No

POP3 server

config user pop3

No

Exchange server

config user exchange

No

TLS configuration

TLS configuration

The minimum TLS version that is used for local out connections from the FortiProxy can be configured in the CLI:

config system global
    set ssl-min-proto-version {SSLv3 | TLSv1 | TLSv1-1 | TLSv1-2 | TLSv1-3}
end

By default, the minimum version is TLSv1.2. The FortiProxy will try to negotiate a connection using the configured version or higher. If the server that FortiProxy is connecting to does not support the version, then the connection will not be made. Some FortiCloud and FortiGuard services do not support TLSv1.3.

Minimum SSL/TLS versions can also be configured individually for the following settings, not all of which support TLSv1.3:

Setting

CLI

TLSv1.3 Support

Email server

config system email-server

No

Certificate

config vpn certificate setting

No

FortiSandbox

config system fortisandbox

No

FortiGuard

config log fortiguard setting

No

FortiAnalyzer

config log fortianalyzer setting

No

Syslog

config log syslogd setting

No

User Authentication

config user setting

Yes

LDAP server

config user ldap

No

POP3 server

config user pop3

No

Exchange server

config user exchange

No