Administration Guide

Supported cipher suites - for connection between FortiWeb and back-end servers

High SSL/TLS encryption levels
Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1

TLS_AES_256_GCM_SHA384

Yes

TLS_CHACHA20_POLY1305_SHA256

Yes

TLS_AES_128_GCM_SHA256

Yes

ECDHE-ECDSA-AES256-GCM-SHA384

Yes

ECDHE-RSA-AES256-GCM-SHA384

Yes

DHE-DSS-AES256-GCM-SHA384

Yes

DHE-RSA-AES256-GCM-SHA384

Yes

ECDHE-ECDSA-CHACHA20-POLY1305

Yes

ECDHE-RSA-CHACHA20-POLY1305

Yes

DHE-RSA-CHACHA20-POLY1305

Yes

ECDHE-ECDSA-AES256-CCM8

Yes

ECDHE-ECDSA-AES256-CCM

Yes

DHE-RSA-AES256-CCM8

Yes

DHE-RSA-AES256-CCM

Yes

ECDHE-ECDSA-ARIA256-GCM-SHA384

Yes

ECDHE-ARIA256-GCM-SHA384

Yes

DHE-DSS-ARIA256-GCM-SHA384

Yes

DHE-RSA-ARIA256-GCM-SHA384

Yes

ECDHE-ECDSA-AES128-GCM-SHA256

Yes

ECDHE-RSA-AES128-GCM-SHA256

Yes

DHE-DSS-AES128-GCM-SHA256

Yes

DHE-RSA-AES128-GCM-SHA256

Yes

ECDHE-ECDSA-AES128-CCM8

Yes

ECDHE-ECDSA-AES128-CCM

Yes

DHE-RSA-AES128-CCM8

Yes

DHE-RSA-AES128-CCM

Yes

ECDHE-ECDSA-ARIA128-GCM-SHA256

Yes

ECDHE-ARIA128-GCM-SHA256

Yes

DHE-DSS-ARIA128-GCM-SHA256

Yes

DHE-RSA-ARIA128-GCM-SHA256

Yes

ECDHE-ECDSA-AES256-SHA384

Yes

ECDHE-RSA-AES256-SHA384

Yes

DHE-RSA-AES256-SHA256

Yes

DHE-DSS-AES256-SHA256

Yes

ECDHE-ECDSA-CAMELLIA256-SHA384

Yes

ECDHE-RSA-CAMELLIA256-SHA384

Yes

DHE-RSA-CAMELLIA256-SHA256

Yes

DHE-DSS-CAMELLIA256-SHA256

Yes

Yes

ECDHE-ECDSA-AES128-SHA256

Yes

ECDHE-RSA-AES128-SHA256

Yes

DHE-RSA-AES128-SHA256

Yes

DHE-DSS-AES128-SHA256

Yes

Yes

ECDHE-ECDSA-CAMELLIA128-SHA256

Yes

ECDHE-RSA-CAMELLIA128-SHA256

Yes

DHE-RSA-CAMELLIA128-SHA256

Yes

DHE-DSS-CAMELLIA128-SHA256

Yes

ECDHE-ECDSA-AES256-SHA

Yes

Yes

ECDHE-RSA-AES256-SHA

Yes

Yes

DHE-RSA-AES256-SHA

Yes

Yes

DHE-DSS-AES256-SHA

Yes

Yes

DHE-RSA-CAMELLIA256-SHA

Yes

Yes

DHE-DSS-CAMELLIA256-SHA

Yes

ECDHE-ECDSA-AES128-SHA

Yes

Yes

ECDHE-RSA-AES128-SHA

Yes

Yes

DHE-RSA-AES128-SHA

Yes

Yes

DHE-DSS-AES128-SHA

Yes

DHE-RSA-CAMELLIA128-SHA

Yes

Yes

DHE-DSS-CAMELLIA128-SHA

Yes

Yes

AES256-GCM-SHA384

Yes

AES256-CCM8

Yes

AES256-CCM

Yes

ARIA256-GCM-SHA384

Yes

AES128-GCM-SHA256

Yes

AES128-CCM8

Yes

AES128-CCM

Yes

ARIA128-GCM-SHA256

Yes

AES256-SHA256

Yes

CAMELLIA256-SHA256

Yes

AES128-SHA256

Yes

CAMELLIA128-SHA256

Yes

AES256-SHA

Yes

Yes

CAMELLIA256-SHA

Yes

Yes

AES128-SHA

Yes

Yes

CAMELLIA128-SHA

Yes

Yes

Medium SSL/TLS encryption levels
Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1

TLS_AES_256_GCM_SHA384

Yes

TLS_CHACHA20_POLY1305_SHA256

Yes

TLS_AES_128_GCM_SHA256

Yes

ECDHE-ECDSA-AES256-GCM-SHA384

Yes

ECDHE-RSA-AES256-GCM-SHA384

Yes

DHE-DSS-AES256-GCM-SHA384

Yes

DHE-RSA-AES256-GCM-SHA384

Yes

ECDHE-ECDSA-CHACHA20-POLY1305

Yes

ECDHE-RSA-CHACHA20-POLY1305

Yes

DHE-RSA-CHACHA20-POLY1305

Yes

ECDHE-ECDSA-AES256-CCM8

Yes

ECDHE-ECDSA-AES256-CCM

Yes

DHE-RSA-AES256-CCM8

Yes

DHE-RSA-AES256-CCM

Yes

ECDHE-ECDSA-ARIA256-GCM-SHA384

Yes

ECDHE-ARIA256-GCM-SHA384

Yes

DHE-DSS-ARIA256-GCM-SHA384

Yes

DHE-RSA-ARIA256-GCM-SHA384

Yes

ECDHE-ECDSA-AES128-GCM-SHA256

Yes

ECDHE-RSA-AES128-GCM-SHA256

Yes

DHE-DSS-AES128-GCM-SHA256

Yes

DHE-RSA-AES128-GCM-SHA256

Yes

ECDHE-ECDSA-AES128-CCM8

Yes

ECDHE-ECDSA-AES128-CCM

Yes

DHE-RSA-AES128-CCM8

Yes

DHE-RSA-AES128-CCM

Yes

ECDHE-ECDSA-ARIA128-GCM-SHA256

Yes

ECDHE-ARIA128-GCM-SHA256

Yes

DHE-DSS-ARIA128-GCM-SHA256

Yes

DHE-RSA-ARIA128-GCM-SHA256

Yes

ECDHE-ECDSA-AES256-SHA384

Yes

ECDHE-RSA-AES256-SHA384

Yes

DHE-RSA-AES256-SHA256

Yes

DHE-DSS-AES256-SHA256

Yes

ECDHE-ECDSA-CAMELLIA256-SHA384

Yes

ECDHE-RSA-CAMELLIA256-SHA384

Yes

DHE-RSA-CAMELLIA256-SHA256

Yes

DHE-DSS-CAMELLIA256-SHA256

Yes

Yes

ECDHE-ECDSA-AES128-SHA256

Yes

ECDHE-RSA-AES128-SHA256

Yes

DHE-RSA-AES128-SHA256

Yes

DHE-DSS-AES128-SHA256

Yes

Yes

ECDHE-ECDSA-CAMELLIA128-SHA256

Yes

ECDHE-RSA-CAMELLIA128-SHA256

Yes

DHE-RSA-CAMELLIA128-SHA256

Yes

DHE-DSS-CAMELLIA128-SHA256

Yes

ECDHE-ECDSA-AES256-SHA

Yes

Yes

ECDHE-RSA-AES256-SHA

Yes

Yes

DHE-RSA-AES256-SHA

Yes

Yes

DHE-DSS-AES256-SHA

Yes

Yes

DHE-RSA-CAMELLIA256-SHA

Yes

Yes

DHE-DSS-CAMELLIA256-SHA

Yes

ECDHE-ECDSA-AES128-SHA

Yes

Yes

ECDHE-RSA-AES128-SHA

Yes

Yes

DHE-RSA-AES128-SHA

Yes

Yes

DHE-DSS-AES128-SHA

Yes

DHE-RSA-CAMELLIA128-SHA

Yes

Yes

DHE-DSS-CAMELLIA128-SHA

Yes

Yes

AES256-GCM-SHA384

Yes

AES256-CCM8

Yes

AES256-CCM

Yes

ARIA256-GCM-SHA384

Yes

AES128-GCM-SHA256

Yes

AES128-CCM8

Yes

AES128-CCM

Yes

ARIA128-GCM-SHA256

Yes

AES256-SHA256

Yes

CAMELLIA256-SHA256

Yes

AES128-SHA256

Yes

CAMELLIA128-SHA256

Yes

AES256-SHA

Yes

Yes

CAMELLIA256-SHA

Yes

Yes

AES128-SHA

Yes

Yes

CAMELLIA128-SHA

Yes

Yes

DHE-RSA-SEED-SHA

Yes

Yes

DHE-DSS-SEED-SHA

Yes

Yes

ECDHE-ECDSA-DES-CBC3-SHA

Yes

Yes

ECDHE-RSA-DES-CBC3-SHA

Yes

Yes

EDH-RSA-DES-CBC3-SHA

Yes

Yes

EDH-DSS-DES-CBC3-SHA

Yes

Yes

SEED-SHA

Yes

Yes

IDEA-CBC-SHA

Yes

Yes

DES-CBC3-SHA

Yes

Yes

Note: All the medium level ciphers are also supported by the high encryption level, except for those ciphers highlighted in red.

Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:

  • Older hash algorithms, such as MD5. To disable MD5, for SSL/TLS encryption level, select High.
  • Encryption bit strengths less than 128
  • Older styles of renegotiation (These are vulnerable to Man-in-the-Middle (MITM) attacks.)
  • Client-initiated renegotiation. See Configuring an HTTP server policy.

Customized-only SSL/TLS encryption levels

The ciphers in the customized level can be viewed in the GUI, so we won't be listing them in this guide.

All the customized ciphers are included in the high and medium level cipher table listed above, with the exception of the ciphers mentioned in the table below.

Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1

TLS_AES_128_CCM_SHA256

Yes

TLS_AES_128_CCM_8_SHA256

Yes
