Supported cipher suites - for connection between FortiWeb and back-end servers
High SSL/TLS encryption levels
Cipher | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|---|
TLS_AES_256_GCM_SHA384 | Yes | | |
TLS_CHACHA20_POLY1305_SHA256 | Yes | | |
TLS_AES_128_GCM_SHA256 | Yes | | |
ECDHE-ECDSA-AES256-GCM-SHA384 | | Yes | |
ECDHE-RSA-AES256-GCM-SHA384 | | Yes | |
DHE-DSS-AES256-GCM-SHA384 | | Yes | |
DHE-RSA-AES256-GCM-SHA384 | | Yes | |
ECDHE-ECDSA-CHACHA20-POLY1305 | | Yes | |
ECDHE-RSA-CHACHA20-POLY1305 | | Yes | |
DHE-RSA-CHACHA20-POLY1305 | | Yes | |
ECDHE-ECDSA-AES256-CCM8 | | Yes | |
ECDHE-ECDSA-AES256-CCM | | Yes | |
DHE-RSA-AES256-CCM8 | | Yes | |
DHE-RSA-AES256-CCM | | Yes | |
ECDHE-ECDSA-ARIA256-GCM-SHA384 | | Yes | |
ECDHE-ARIA256-GCM-SHA384 | | Yes | |
DHE-DSS-ARIA256-GCM-SHA384 | | Yes | |
DHE-RSA-ARIA256-GCM-SHA384 | | Yes | |
ECDHE-ECDSA-AES128-GCM-SHA256 | | Yes | |
ECDHE-RSA-AES128-GCM-SHA256 | | Yes | |
DHE-DSS-AES128-GCM-SHA256 | | Yes | |
DHE-RSA-AES128-GCM-SHA256 | | Yes | |
ECDHE-ECDSA-AES128-CCM8 | | Yes | |
ECDHE-ECDSA-AES128-CCM | | Yes | |
DHE-RSA-AES128-CCM8 | | Yes | |
DHE-RSA-AES128-CCM | | Yes | |
ECDHE-ECDSA-ARIA128-GCM-SHA256 | | Yes | |
ECDHE-ARIA128-GCM-SHA256 | | Yes | |
DHE-DSS-ARIA128-GCM-SHA256 | | Yes | |
DHE-RSA-ARIA128-GCM-SHA256 | | Yes | |
ECDHE-ECDSA-AES256-SHA384 | | Yes | |
ECDHE-RSA-AES256-SHA384 | | Yes | |
DHE-RSA-AES256-SHA256 | | Yes | |
DHE-DSS-AES256-SHA256 | | Yes | |
ECDHE-ECDSA-CAMELLIA256-SHA384 | | Yes | |
ECDHE-RSA-CAMELLIA256-SHA384 | | Yes | |
DHE-RSA-CAMELLIA256-SHA256 | | Yes | |
DHE-DSS-CAMELLIA256-SHA256 | | Yes | Yes |
ECDHE-ECDSA-AES128-SHA256 | | Yes | |
ECDHE-RSA-AES128-SHA256 | | Yes | |
DHE-RSA-AES128-SHA256 | | Yes | |
DHE-DSS-AES128-SHA256 | | Yes | Yes |
ECDHE-ECDSA-CAMELLIA128-SHA256 | | Yes | |
ECDHE-RSA-CAMELLIA128-SHA256 | | Yes | |
DHE-RSA-CAMELLIA128-SHA256 | | Yes | |
DHE-DSS-CAMELLIA128-SHA256 | | Yes | |
ECDHE-ECDSA-AES256-SHA | | Yes | Yes |
ECDHE-RSA-AES256-SHA | | Yes | Yes |
DHE-RSA-AES256-SHA | | Yes | Yes |
DHE-DSS-AES256-SHA | | Yes | Yes |
DHE-RSA-CAMELLIA256-SHA | | Yes | Yes |
DHE-DSS-CAMELLIA256-SHA | | Yes | |
ECDHE-ECDSA-AES128-SHA | | Yes | Yes |
ECDHE-RSA-AES128-SHA | | Yes | Yes |
DHE-RSA-AES128-SHA | | Yes | Yes |
DHE-DSS-AES128-SHA | | Yes | |
DHE-RSA-CAMELLIA128-SHA | | Yes | Yes |
DHE-DSS-CAMELLIA128-SHA | | Yes | Yes |
AES256-GCM-SHA384 | | Yes | |
AES256-CCM8 | | Yes | |
AES256-CCM | | Yes | |
ARIA256-GCM-SHA384 | | Yes | |
AES128-GCM-SHA256 | | Yes | |
AES128-CCM8 | | Yes | |
AES128-CCM | | Yes | |
ARIA128-GCM-SHA256 | | Yes | |
AES256-SHA256 | | Yes | |
CAMELLIA256-SHA256 | | Yes | |
AES128-SHA256 | | Yes | |
CAMELLIA128-SHA256 | | Yes | |
AES256-SHA | | Yes | Yes |
CAMELLIA256-SHA | | Yes | Yes |
AES128-SHA | | Yes | Yes |
CAMELLIA128-SHA | | Yes | Yes |
Medium SSL/TLS encryption levels
Cipher | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|---|
TLS_AES_256_GCM_SHA384 | Yes | | |
TLS_CHACHA20_POLY1305_SHA256 | Yes | | |
TLS_AES_128_GCM_SHA256 | Yes | | |
ECDHE-ECDSA-AES256-GCM-SHA384 | | Yes | |
ECDHE-RSA-AES256-GCM-SHA384 | | Yes | |
DHE-DSS-AES256-GCM-SHA384 | | Yes | |
DHE-RSA-AES256-GCM-SHA384 | | Yes | |
ECDHE-ECDSA-CHACHA20-POLY1305 | | Yes | |
ECDHE-RSA-CHACHA20-POLY1305 | | Yes | |
DHE-RSA-CHACHA20-POLY1305 | | Yes | |
ECDHE-ECDSA-AES256-CCM8 | | Yes | |
ECDHE-ECDSA-AES256-CCM | | Yes | |
DHE-RSA-AES256-CCM8 | | Yes | |
DHE-RSA-AES256-CCM | | Yes | |
ECDHE-ECDSA-ARIA256-GCM-SHA384 | | Yes | |
ECDHE-ARIA256-GCM-SHA384 | | Yes | |
DHE-DSS-ARIA256-GCM-SHA384 | | Yes | |
DHE-RSA-ARIA256-GCM-SHA384 | | Yes | |
ECDHE-ECDSA-AES128-GCM-SHA256 | | Yes | |
ECDHE-RSA-AES128-GCM-SHA256 | | Yes | |
DHE-DSS-AES128-GCM-SHA256 | | Yes | |
DHE-RSA-AES128-GCM-SHA256 | | Yes | |
ECDHE-ECDSA-AES128-CCM8 | | Yes | |
ECDHE-ECDSA-AES128-CCM | | Yes | |
DHE-RSA-AES128-CCM8 | | Yes | |
DHE-RSA-AES128-CCM | | Yes | |
ECDHE-ECDSA-ARIA128-GCM-SHA256 | | Yes | |
ECDHE-ARIA128-GCM-SHA256 | | Yes | |
DHE-DSS-ARIA128-GCM-SHA256 | | Yes | |
DHE-RSA-ARIA128-GCM-SHA256 | | Yes | |
ECDHE-ECDSA-AES256-SHA384 | | Yes | |
ECDHE-RSA-AES256-SHA384 | | Yes | |
DHE-RSA-AES256-SHA256 | | Yes | |
DHE-DSS-AES256-SHA256 | | Yes | |
ECDHE-ECDSA-CAMELLIA256-SHA384 | | Yes | |
ECDHE-RSA-CAMELLIA256-SHA384 | | Yes | |
DHE-RSA-CAMELLIA256-SHA256 | | Yes | |
DHE-DSS-CAMELLIA256-SHA256 | | Yes | Yes |
ECDHE-ECDSA-AES128-SHA256 | | Yes | |
ECDHE-RSA-AES128-SHA256 | | Yes | |
DHE-RSA-AES128-SHA256 | | Yes | |
DHE-DSS-AES128-SHA256 | | Yes | Yes |
ECDHE-ECDSA-CAMELLIA128-SHA256 | | Yes | |
ECDHE-RSA-CAMELLIA128-SHA256 | | Yes | |
DHE-RSA-CAMELLIA128-SHA256 | | Yes | |
DHE-DSS-CAMELLIA128-SHA256 | | Yes | |
ECDHE-ECDSA-AES256-SHA | | Yes | Yes |
ECDHE-RSA-AES256-SHA | | Yes | Yes |
DHE-RSA-AES256-SHA | | Yes | Yes |
DHE-DSS-AES256-SHA | | Yes | Yes |
DHE-RSA-CAMELLIA256-SHA | | Yes | Yes |
DHE-DSS-CAMELLIA256-SHA | | Yes | |
ECDHE-ECDSA-AES128-SHA | | Yes | Yes |
ECDHE-RSA-AES128-SHA | | Yes | Yes |
DHE-RSA-AES128-SHA | | Yes | Yes |
DHE-DSS-AES128-SHA | | Yes | |
DHE-RSA-CAMELLIA128-SHA | | Yes | Yes |
DHE-DSS-CAMELLIA128-SHA | | Yes | Yes |
AES256-GCM-SHA384 | | Yes | |
AES256-CCM8 | | Yes | |
AES256-CCM | | Yes | |
ARIA256-GCM-SHA384 | | Yes | |
AES128-GCM-SHA256 | | Yes | |
AES128-CCM8 | | Yes | |
AES128-CCM | | Yes | |
ARIA128-GCM-SHA256 | | Yes | |
AES256-SHA256 | | Yes | |
CAMELLIA256-SHA256 | | Yes | |
AES128-SHA256 | | Yes | |
CAMELLIA128-SHA256 | | Yes | |
AES256-SHA | | Yes | Yes |
CAMELLIA256-SHA | | Yes | Yes |
AES128-SHA | | Yes | Yes |
CAMELLIA128-SHA | | Yes | Yes |
DHE-RSA-SEED-SHA | | Yes | Yes |
DHE-DSS-SEED-SHA | | Yes | Yes |
ECDHE-ECDSA-DES-CBC3-SHA | | Yes | Yes |
ECDHE-RSA-DES-CBC3-SHA | | Yes | Yes |
EDH-RSA-DES-CBC3-SHA | | Yes | Yes |
EDH-DSS-DES-CBC3-SHA | | Yes | Yes |
SEED-SHA | | Yes | Yes |
IDEA-CBC-SHA | | Yes | Yes |
DES-CBC3-SHA | | Yes | Yes |
Note: All the medium level ciphers are also supported by the high encryption level, except for those ciphers highlighted in red.
Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:
- Older hash algorithms, such as MD5. To disable MD5, for SSL/TLS encryption level, select High.
- Encryption bit strengths less than 128
- Older styles of renegotiation (These are vulnerable to Man-in-the-Middle (MITM) attacks.)
- Client-initiated renegotiation. To configure this, see Configuring an HTTP server policy.
Customized-only SSL/TLS encryption levels
The ciphers in the customized level can be viewed in the GUI, so we won't be listing them in this guide.
All the customized ciphers are included in the high and medium level cipher tables listed above, with the exception of the ciphers mentioned in the table below.
Cipher | TLS 1.3 | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|---|
TLS_AES_128_CCM_SHA256 | Yes | | |
TLS_AES_128_CCM_8_SHA256 | Yes | | |