Fortinet white logo
Fortinet white logo

Administration Guide

Supported cipher suites & protocol versions

Supported cipher suites & protocol versions

How secure is an HTTPS connection?

There are physical considerations, such as restricting access to private keys and decrypted traffic. Another part is the encryption. For details, see Offloading vs. inspection.

A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL/TLS terminator during the handshake.

The FortiWeb operation mode determines which device is the SSL terminator. It is either:

  • The FortiWeb (if doing SSL offloading)
  • The web server (if FortiWeb is doing only SSL inspection)

When FortiWeb is the SSL terminator, FortiWeb controls which ciphers are allowed. For details, see SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy).

When the web server is the terminator, it controls which ciphers are allowed. If it selects a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task. For details, see SSL inspection cipher suites and protocols (offline and Transparent Inspection).

SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy)

If you have configured SSL offloading for your FortiWeb operating in Reverse Proxy mode, you can specify which protocols a server policy allows and whether the set of cipher suites it supports is medium-level security, high-level security or a customized set. For details, see Configuring an HTTP server policy.

In True Transparent Proxy mode, you can specify these same advanced SSL settings to configure offloading for a server pool member. For details, see Creating an HTTP server pool.

Creating an SSL cipher group

FortiWeb provides two predefined groups which contain the most commonly used ciphers.

  • Mozilla-Modern: For services with clients that support TLS 1.3 and don't need backward compatibility, Mozilla-Modern is the recommended configuration as it provides an extremely high level of security.

  • Mozilla-Intermediate: For services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL, Mozilla-Intermediate is the recommended configuration as it is highly secure and in the meanwhile compatible with nearly every client released in the last five (or more) years.

If the predefined security groups don't meet your demands, you can follow the steps below to create an SSL cipher group and select the ciphers as you want.

To create an SSL cipher group:

  1. Go to Server Objects > SSL Ciphers.
    To access this part of the web UI, your administrator account’s access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see Permissions.
  2. Select the Custom tab.
  3. Click Create New.
  4. Enter a name for the cipher group.
  5. Select the supported SSL Protocols.
  6. Select the SSL/TLS Encryption level. for the ciphers available for each protocol.
    TLS protocol changes a lot since version 1.3, including the handshake algorithm, the supported ciphers and certificates. Make sure you understand how it works before enabling TLS 1.3.

    Note: O-RTT in TLS 1.3 is disabled by default. You can use the following command to enable it:

    config server-policy setting

    set tls13-early-data-mode enable

    end

    For the supported ciphers of each TLS version, see Supported cipher suites & protocol versions.

  7. The SSL/TLS encryption level in the advanced SSL settings provides the following options:
    For the ciphers supported in high, medium, and customized levels, refer to Supported cipher suites - for connections between FortiWeb and the clients and Supported cipher suites - for connection between FortiWeb and back-end servers.
  8. Click OK.

Reference the group in a server policy or server pool settings. Please note that the Security Group option is available only if you specify a value for Supported cipher suites & protocol versions and select Show advanced SSL settings.

SSL inspection cipher suites and protocols (offline and Transparent Inspection)

In Transparent Inspection and Offline Protection modes, if the client and server communicate using a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.

If you are not sure which cipher suites your web server supports, you can use a client-side tool to test. For details, see Checking the SSL/TLS handshake & encryption.

Supported ciphers for offline and Transparent Inspection
Cipher TLS 1.2 TLS 1.0, 1.1
AES128-SHA Yes Yes
AES256-SHA Yes Yes
AES128-SHA256 Yes
AES256-SHA256 Yes
AES256-GCM-SHA384 Yes
AES128-GCM-SHA256 Yes
CAMELLIA256-SHA Yes Yes
SEED-SHA Yes Yes
In offline and Transparent Inspection mode, FortiWeb does not support Ephemeral Diffie-Hellman key exchanges, which may be accepted by clients such as Google Chrome.
See also

Supported cipher suites & protocol versions

Supported cipher suites & protocol versions

How secure is an HTTPS connection?

There are physical considerations, such as restricting access to private keys and decrypted traffic. Another part is the encryption. For details, see Offloading vs. inspection.

A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL/TLS terminator during the handshake.

The FortiWeb operation mode determines which device is the SSL terminator. It is either:

  • The FortiWeb (if doing SSL offloading)
  • The web server (if FortiWeb is doing only SSL inspection)

When FortiWeb is the SSL terminator, FortiWeb controls which ciphers are allowed. For details, see SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy).

When the web server is the terminator, it controls which ciphers are allowed. If it selects a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task. For details, see SSL inspection cipher suites and protocols (offline and Transparent Inspection).

SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy)

If you have configured SSL offloading for your FortiWeb operating in Reverse Proxy mode, you can specify which protocols a server policy allows and whether the set of cipher suites it supports is medium-level security, high-level security or a customized set. For details, see Configuring an HTTP server policy.

In True Transparent Proxy mode, you can specify these same advanced SSL settings to configure offloading for a server pool member. For details, see Creating an HTTP server pool.

Creating an SSL cipher group

FortiWeb provides two predefined groups which contain the most commonly used ciphers.

  • Mozilla-Modern: For services with clients that support TLS 1.3 and don't need backward compatibility, Mozilla-Modern is the recommended configuration as it provides an extremely high level of security.

  • Mozilla-Intermediate: For services that don't need compatibility with legacy clients such as Windows XP or old versions of OpenSSL, Mozilla-Intermediate is the recommended configuration as it is highly secure and in the meanwhile compatible with nearly every client released in the last five (or more) years.

If the predefined security groups don't meet your demands, you can follow the steps below to create an SSL cipher group and select the ciphers as you want.

To create an SSL cipher group:

  1. Go to Server Objects > SSL Ciphers.
    To access this part of the web UI, your administrator account’s access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see Permissions.
  2. Select the Custom tab.
  3. Click Create New.
  4. Enter a name for the cipher group.
  5. Select the supported SSL Protocols.
  6. Select the SSL/TLS Encryption level. for the ciphers available for each protocol.
    TLS protocol changes a lot since version 1.3, including the handshake algorithm, the supported ciphers and certificates. Make sure you understand how it works before enabling TLS 1.3.

    Note: O-RTT in TLS 1.3 is disabled by default. You can use the following command to enable it:

    config server-policy setting

    set tls13-early-data-mode enable

    end

    For the supported ciphers of each TLS version, see Supported cipher suites & protocol versions.

  7. The SSL/TLS encryption level in the advanced SSL settings provides the following options:
    For the ciphers supported in high, medium, and customized levels, refer to Supported cipher suites - for connections between FortiWeb and the clients and Supported cipher suites - for connection between FortiWeb and back-end servers.
  8. Click OK.

Reference the group in a server policy or server pool settings. Please note that the Security Group option is available only if you specify a value for Supported cipher suites & protocol versions and select Show advanced SSL settings.

SSL inspection cipher suites and protocols (offline and Transparent Inspection)

In Transparent Inspection and Offline Protection modes, if the client and server communicate using a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.

If you are not sure which cipher suites your web server supports, you can use a client-side tool to test. For details, see Checking the SSL/TLS handshake & encryption.

Supported ciphers for offline and Transparent Inspection
Cipher TLS 1.2 TLS 1.0, 1.1
AES128-SHA Yes Yes
AES256-SHA Yes Yes
AES128-SHA256 Yes
AES256-SHA256 Yes
AES256-GCM-SHA384 Yes
AES128-GCM-SHA256 Yes
CAMELLIA256-SHA Yes Yes
SEED-SHA Yes Yes
In offline and Transparent Inspection mode, FortiWeb does not support Ephemeral Diffie-Hellman key exchanges, which may be accepted by clients such as Google Chrome.
See also