Fortinet Document Library

User Guide

Supported cipher suites & protocol versions

A secure connection’s protocol version and cipher suite, including the encryption bit strength and the encryption algorithms, are negotiated between the client and the SSL/TLS terminator during the handshake.

You can specify which protocol versions are allowed and whether the set of cipher suites the terminator offers is the medium-level security set or the high-level security set.

The SSL/TLS encryption level setting provides the following options:

High/medium SSL/TLS encryption levels

| Cipher                         | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
|--------------------------------|---------|---------|--------------|
| AES_256_GCM_SHA384             | Yes     |         |              |
| CHACHA20_POLY1305_SHA256       | Yes     |         |              |
| AES_128_GCM_SHA256             | Yes     |         |              |
| ECDHE-RSA-AES256-GCM-SHA384    |         | Yes     |              |
| DHE-RSA-AES256-GCM-SHA384      |         | Yes     |              |
| ECDHE-RSA-CHACHA20-POLY1305    |         | Yes     |              |
| DHE-RSA-CHACHA20-POLY1305      |         | Yes     |              |
| DHE-RSA-AES256-CCM8            |         | Yes     |              |
| DHE-RSA-AES256-CCM             |         | Yes     |              |
| ECDHE-RSA-AES128-GCM-SHA256    |         | Yes     |              |
| DHE-RSA-AES128-GCM-SHA256      |         | Yes     |              |
| DHE-RSA-AES128-CCM8            |         | Yes     |              |
| DHE-RSA-AES128-CCM             |         | Yes     |              |
| ECDHE-RSA-AES256-SHA384        |         | Yes     |              |
| DHE-RSA-AES256-SHA256          |         | Yes     |              |
| ECDHE-RSA-CAMELLIA256-SHA384   |         | Yes     |              |
| DHE-RSA-CAMELLIA256-SHA256     |         | Yes     |              |
| ECDHE-RSA-AES128-SHA256        |         | Yes     |              |
| DHE-RSA-AES128-SHA256          |         | Yes     |              |
| ECDHE-RSA-CAMELLIA128-SHA256   |         | Yes     |              |
| DHE-RSA-CAMELLIA128-SHA256     |         | Yes     |              |
| DHE-RSA-CAMELLIA128-SHA        |         | Yes     | Yes          |
| ECDHE-RSA-AES256-SHA           |         | Yes     | Yes          |
| DHE-RSA-AES256-SHA             |         | Yes     | Yes          |
| DHE-RSA-CAMELLIA256-SHA        |         | Yes     | Yes          |
| ECDHE-RSA-AES128-SHA           |         | Yes     | Yes          |
| DHE-RSA-AES128-SHA             |         | Yes     | Yes          |
| AES256-GCM-SHA384              |         | Yes     |              |
| AES256-CCM8                    |         | Yes     |              |
| AES256-CCM                     |         | Yes     |              |
| AES128-GCM-SHA256              |         | Yes     |              |
| AES128-CCM8                    |         | Yes     |              |
| AES128-CCM                     |         | Yes     |              |
| AES256-SHA256                  |         | Yes     |              |
| CAMELLIA256-SHA256             |         | Yes     |              |
| CAMELLIA256-SHA                |         | Yes     | Yes          |
| CAMELLIA128-SHA                |         | Yes     | Yes          |
| AES128-SHA256                  |         | Yes     |              |
| CAMELLIA128-SHA256             |         | Yes     |              |
| AES256-SHA                     |         | Yes     | Yes          |
| AES128-SHA                     |         | Yes     | Yes          |
| ECDHE-ECDSA-AES256-GCM-SHA384  |         | Yes     |              |
| ECDHE-ECDSA-CHACHA20-POLY1305  |         | Yes     |              |
| ECDHE-ECDSA-AES256-CCM8        |         | Yes     |              |
| ECDHE-ECDSA-AES256-CCM         |         | Yes     |              |
| ECDHE-ECDSA-AES128-GCM-SHA256  |         | Yes     |              |
| ECDHE-ECDSA-AES128-CCM8        |         | Yes     |              |
| ECDHE-ECDSA-AES128-CCM         |         | Yes     |              |
| ECDHE-ECDSA-AES256-SHA384      |         | Yes     |              |
| ECDHE-ECDSA-CAMELLIA256-SHA384 |         | Yes     |              |
| ECDHE-ECDSA-AES128-SHA256      |         | Yes     |              |
| ECDHE-ECDSA-CAMELLIA128-SHA256 |         | Yes     |              |
| ECDHE-ECDSA-AES256-SHA         |         | Yes     | Yes          |
| ECDHE-ECDSA-AES128-SHA         |         | Yes     | Yes          |
| DHE-DSS-AES256-GCM-SHA384      |         | Yes     |              |
| DHE-DSS-AES128-GCM-SHA256      |         | Yes     |              |
| DHE-DSS-AES256-SHA256          |         | Yes     |              |
| DHE-DSS-CAMELLIA256-SHA256     |         | Yes     |              |
| DHE-DSS-AES128-SHA256          |         | Yes     |              |
| DHE-DSS-CAMELLIA128-SHA256     |         | Yes     |              |
| DHE-DSS-CAMELLIA128-SHA        |         | Yes     |              |
| DHE-DSS-AES256-SHA             |         | Yes     | Yes          |
| DHE-DSS-CAMELLIA256-SHA        |         | Yes     | Yes          |
| DHE-DSS-AES128-SHA             |         | Yes     | Yes          |
| ECDHE-ARIA128-GCM-SHA256       |         | Yes     |              |
| DHE-RSA-ARIA128-GCM-SHA256     |         | Yes     |              |
| DHE-RSA-ARIA256-GCM-SHA384     |         | Yes     |              |
| ECDHE-ARIA256-GCM-SHA384       |         | Yes     |              |
| ARIA256-GCM-SHA384             |         | Yes     |              |
| ARIA128-GCM-SHA256             |         | Yes     |              |
| ECDHE-ECDSA-ARIA256-GCM-SHA384 |         | Yes     |              |
| ECDHE-ECDSA-ARIA128-GCM-SHA256 |         | Yes     |              |
| DHE-DSS-ARIA256-GCM-SHA384     |         | Yes     |              |
| DHE-DSS-ARIA128-GCM-SHA256     |         | Yes     |              |

Medium-only SSL/TLS encryption levels

| Cipher                         | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
|--------------------------------|---------|---------|--------------|
| DHE-RSA-SEED-SHA               |         | Yes     | Yes          |
| DHE-DSS-SEED-SHA               |         | Yes     | Yes          |
| IDEA-CBC-SHA                   |         |         | Yes          |
| SEED-SHA                       |         | Yes     | Yes          |
| DHE-DSS-SEED-SHA               |         | Yes     | Yes          |
| IDEA-CBC-SHA                   |         | Yes     | Yes          |
| SEED-SHA                       |         | Yes     | Yes          |

Customized-only SSL/TLS encryption levels

| Cipher                         | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
|--------------------------------|---------|---------|--------------|
| AES_128_CCM_SHA256             | Yes     |         |              |
| AES_128_CCM_8_SHA256           | Yes     |         |              |
| ECDHE_RSA_DES_CBC3_SHA         |         | Yes     | Yes          |
| DES_CBC3_SHA                   |         | Yes     | Yes          |

Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:

  • Older hash algorithms, such as MD5. To disable MD5, set the SSL/TLS encryption level to High.
  • Encryption bit strengths of less than 128 bits.
  • Older styles of renegotiation, which are vulnerable to man-in-the-middle (MITM) attacks.
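The handshake described at the top of this page ends with exactly one suite from the tables above being chosen, and the list just given says which properties to keep out of the offered set. The following Python script is an added example, not Fortinet's code and not the appliance's own selection logic: it parses the OpenSSL-style suite names used in the tables, derives key exchange, authentication, bulk cipher strength, AEAD versus CBC mode and hash algorithm from the name, and reports the suites that break this page's guidance (bit strength below 128, MD5). It also applies two checks that go beyond the page's list, marked as such in the code: missing forward secrecy and CBC mode with HMAC-SHA1. The `BULK_BITS` table, the rule that a name without an authentication part (such as `ECDHE-ARIA128-GCM-SHA256`) is RSA-authenticated, and the `SAMPLE` list are this example's own assumptions; `SAMPLE` is constructed from rows of the three tables.

```python
"""Audit SSL/TLS cipher suite names against the guidance on this page.

Added example (not Fortinet's code). The property rules below are a generic
reading of OpenSSL-style suite names, not the appliance's own logic.
"""
import re
from dataclasses import dataclass, field

# Effective key length in bits per bulk-cipher token (assumption built from
# the public cipher specs; 3DES is counted at its effective 112 bits).
BULK_BITS = {
    "AES256": 256, "AES128": 128, "CHACHA20": 256,
    "CAMELLIA256": 256, "CAMELLIA128": 128,
    "ARIA256": 256, "ARIA128": 128,
    "SEED": 128, "IDEA": 128, "3DES": 112,
}


@dataclass
class Suite:
    name: str
    tls13: bool
    key_exchange: str
    auth: str
    bulk: str
    bits: int
    aead: bool
    hash_alg: str
    forward_secrecy: bool
    warnings: list = field(default_factory=list)


def normalise(name: str) -> str:
    """Map the page's spellings (AES_256_GCM_SHA384, DES_CBC3_SHA) onto one token form."""
    s = name.strip().upper().replace("_", "-")
    s = re.sub(r"\bDES-CBC3\b", "3DES", s)   # treat 3DES as a single bulk token
    s = re.sub(r"\bCCM-8\b", "CCM8", s)      # TLS 1.3 AES_128_CCM_8_SHA256
    return s


def parse_suite(name: str) -> Suite:
    s = normalise(name)
    # TLS 1.3 names carry no key-exchange/auth part: AES-256-GCM-SHA384,
    # CHACHA20-POLY1305-SHA256, AES-128-CCM8-SHA256.
    tls13 = re.match(r"^(AES-(128|256)-|CHACHA20-POLY1305-SHA256$)", s) is not None
    s = re.sub(r"\bAES-(128|256)\b", r"AES\1", s)   # AES-256 -> AES256
    tokens = s.split("-")

    bulk = next((t for t in tokens if t in BULK_BITS), "UNKNOWN")
    bits = BULK_BITS.get(bulk, 0)
    aead = any(t in ("GCM", "CCM", "CCM8", "POLY1305") for t in tokens)

    if tls13:
        kx, auth = "(EC)DHE", "certificate"   # fixed by TLS 1.3 itself, not by the name
    else:
        kx = "ECDHE" if "ECDHE" in tokens else "DHE" if "DHE" in tokens else "RSA"
        # Assumption: a name that omits the auth part is RSA-authenticated
        # (OpenSSL's ECDHE-ARIA128-GCM-SHA256 is TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256).
        auth = "ECDSA" if "ECDSA" in tokens else "DSS" if "DSS" in tokens else "RSA"
    forward_secrecy = tls13 or kx in ("ECDHE", "DHE")

    # Trailing SHA token: HMAC algorithm for CBC suites, PRF/HKDF hash for AEAD ones.
    if "MD5" in tokens:
        hash_alg = "MD5"
    elif "SHA384" in tokens:
        hash_alg = "SHA-384"
    elif "SHA256" in tokens:
        hash_alg = "SHA-256"
    elif "SHA" in tokens:
        hash_alg = "SHA-1"
    else:
        hash_alg = "SHA-256"   # TLS 1.2 CHACHA20-POLY1305 names imply SHA-256

    suite = Suite(name, tls13, kx, auth, bulk, bits, aead, hash_alg, forward_secrecy)
    # Checks taken from the page's "Avoid using" list.
    if bits < 128:
        suite.warnings.append(f"bit strength {bits} < 128")
    if hash_alg == "MD5":
        suite.warnings.append("MD5 hash")
    # Two additional checks, added by this example and not from the page's list.
    if not forward_secrecy:
        suite.warnings.append("no forward secrecy (static RSA key exchange)")
    if not aead and hash_alg == "SHA-1":
        suite.warnings.append("CBC mode with HMAC-SHA1")
    return suite


def audit(names):
    """Return {suite name: [warnings]} for every suite that trips a check."""
    report = {}
    for n in names:
        s = parse_suite(n)
        if s.warnings:
            report[n] = s.warnings
    return report


# Constructed sample: rows taken from the page's three tables.
SAMPLE = [
    "AES_256_GCM_SHA384",           # High/medium, TLS 1.3
    "ECDHE-RSA-AES128-GCM-SHA256",  # High/medium, TLS 1.2
    "AES128-SHA",                   # High/medium, static RSA, CBC, SHA-1
    "DHE-RSA-SEED-SHA",             # Medium-only
    "DES_CBC3_SHA",                 # Customized-only
]

if __name__ == "__main__":
    for n in SAMPLE:
        s = parse_suite(n)
        mode = "AEAD" if s.aead else "CBC"
        print(f"{n:30} kx={s.key_exchange:7} auth={s.auth:11} {s.bulk}/{s.bits} "
              f"{mode:4} {s.hash_alg:7} {'; '.join(s.warnings)}")
```

Running the script prints one line per sample suite; `DES_CBC3_SHA` is the only one in the sample that fails the page's own bit-strength rule, while `AES128-SHA` passes that rule and is flagged only by the two added checks, which is the distinction between what the High level removes and what a tighter custom list would remove.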
