
Administration Guide

Supported cipher suites - for connections between FortiWeb and the clients

High SSL/TLS encryption levels
Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1
TLS_AES_256_GCM_SHA384 Yes
TLS_CHACHA20_POLY1305_SHA256 Yes
TLS_AES_128_GCM_SHA256 Yes
ECDHE-RSA-AES256-GCM-SHA384 Yes
DHE-RSA-AES256-GCM-SHA384 Yes
ECDHE-RSA-CHACHA20-POLY1305 Yes
DHE-RSA-CHACHA20-POLY1305 Yes
DHE-RSA-AES256-CCM8 Yes
DHE-RSA-AES256-CCM Yes
ECDHE-RSA-AES128-GCM-SHA256 Yes
DHE-RSA-AES128-GCM-SHA256 Yes
DHE-RSA-AES128-CCM8 Yes
DHE-RSA-AES128-CCM Yes
ECDHE-RSA-AES256-SHA384 Yes
DHE-RSA-AES256-SHA256 Yes
ECDHE-RSA-CAMELLIA256-SHA384 Yes
DHE-RSA-CAMELLIA256-SHA256 Yes
ECDHE-RSA-AES128-SHA256 Yes
DHE-RSA-AES128-SHA256 Yes
ECDHE-RSA-CAMELLIA128-SHA256 Yes
DHE-RSA-CAMELLIA128-SHA256 Yes
DHE-RSA-CAMELLIA128-SHA Yes Yes
ECDHE-RSA-AES256-SHA Yes Yes
DHE-RSA-AES256-SHA Yes Yes
DHE-RSA-CAMELLIA256-SHA Yes Yes
ECDHE-RSA-AES128-SHA Yes Yes
DHE-RSA-AES128-SHA Yes Yes
AES256-GCM-SHA384 Yes
AES256-CCM8 Yes
AES256-CCM Yes
AES128-GCM-SHA256 Yes
AES128-CCM8 Yes
AES128-CCM Yes
AES256-SHA256 Yes
CAMELLIA256-SHA256 Yes
CAMELLIA256-SHA Yes Yes
CAMELLIA128-SHA Yes Yes
AES128-SHA256 Yes
CAMELLIA128-SHA256 Yes
AES256-SHA Yes Yes
AES128-SHA Yes Yes
ECDHE-ECDSA-AES256-GCM-SHA384 Yes
ECDHE-ECDSA-CHACHA20-POLY1305 Yes
ECDHE-ECDSA-AES256-CCM8 Yes
ECDHE-ECDSA-AES256-CCM Yes
ECDHE-ECDSA-AES128-GCM-SHA256 Yes
ECDHE-ECDSA-AES128-CCM8 Yes
ECDHE-ECDSA-AES128-CCM Yes
ECDHE-ECDSA-AES256-SHA384 Yes
ECDHE-ECDSA-CAMELLIA256-SHA384 Yes
ECDHE-ECDSA-AES128-SHA256 Yes
ECDHE-ECDSA-CAMELLIA128-SHA256 Yes
ECDHE-ECDSA-AES256-SHA Yes Yes
ECDHE-ECDSA-AES128-SHA Yes Yes
DHE-DSS-AES256-GCM-SHA384 Yes
DHE-DSS-AES128-GCM-SHA256 Yes
DHE-DSS-AES256-SHA256 Yes
DHE-DSS-CAMELLIA256-SHA256 Yes
DHE-DSS-AES128-SHA256 Yes
DHE-DSS-CAMELLIA128-SHA256 Yes Yes
DHE-DSS-CAMELLIA128-SHA Yes Yes
DHE-DSS-AES256-SHA Yes Yes
DHE-DSS-CAMELLIA256-SHA Yes Yes
DHE-DSS-AES128-SHA Yes Yes
ECDHE-ARIA128-GCM-SHA256 Yes
DHE-RSA-ARIA128-GCM-SHA256 Yes
DHE-RSA-ARIA256-GCM-SHA384 Yes
ECDHE-ARIA256-GCM-SHA384 Yes
ARIA256-GCM-SHA384 Yes
ARIA128-GCM-SHA256 Yes
ECDHE-ECDSA-ARIA256-GCM-SHA384 Yes
ECDHE-ECDSA-ARIA128-GCM-SHA256 Yes
DHE-DSS-ARIA256-GCM-SHA384 Yes
DHE-DSS-ARIA128-GCM-SHA256 Yes

Medium SSL/TLS encryption levels
Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1
TLS_AES_256_GCM_SHA384 Yes
TLS_CHACHA20_POLY1305_SHA256 Yes
TLS_AES_128_GCM_SHA256 Yes
ECDHE-RSA-AES256-GCM-SHA384 Yes
DHE-RSA-AES256-GCM-SHA384 Yes
ECDHE-RSA-CHACHA20-POLY1305 Yes
DHE-RSA-CHACHA20-POLY1305 Yes
DHE-RSA-AES256-CCM8 Yes
DHE-RSA-AES256-CCM Yes
ECDHE-RSA-AES128-GCM-SHA256 Yes
DHE-RSA-AES128-GCM-SHA256 Yes
DHE-RSA-AES128-CCM8 Yes
DHE-RSA-AES128-CCM Yes
ECDHE-RSA-AES256-SHA384 Yes
DHE-RSA-AES256-SHA256 Yes
ECDHE-RSA-CAMELLIA256-SHA384 Yes
DHE-RSA-CAMELLIA256-SHA256 Yes
ECDHE-RSA-AES128-SHA256 Yes
DHE-RSA-AES128-SHA256 Yes
ECDHE-RSA-CAMELLIA128-SHA256 Yes
DHE-RSA-CAMELLIA128-SHA256 Yes
DHE-RSA-CAMELLIA128-SHA Yes Yes
ECDHE-RSA-AES256-SHA Yes Yes
DHE-RSA-AES256-SHA Yes Yes
DHE-RSA-CAMELLIA256-SHA Yes Yes
ECDHE-RSA-AES128-SHA Yes Yes
DHE-RSA-AES128-SHA Yes Yes
AES256-GCM-SHA384 Yes
AES256-CCM8 Yes
AES256-CCM Yes
AES128-GCM-SHA256 Yes
AES128-CCM8 Yes
AES128-CCM Yes
AES256-SHA256 Yes
CAMELLIA256-SHA256 Yes
CAMELLIA256-SHA Yes Yes
CAMELLIA128-SHA Yes Yes
AES128-SHA256 Yes
CAMELLIA128-SHA256 Yes
AES256-SHA Yes Yes
AES128-SHA Yes Yes
ECDHE-ECDSA-AES256-GCM-SHA384 Yes
ECDHE-ECDSA-CHACHA20-POLY1305 Yes
ECDHE-ECDSA-AES256-CCM8 Yes
ECDHE-ECDSA-AES256-CCM Yes
ECDHE-ECDSA-AES128-GCM-SHA256 Yes
ECDHE-ECDSA-AES128-CCM8 Yes
ECDHE-ECDSA-AES128-CCM Yes
ECDHE-ECDSA-AES256-SHA384 Yes
ECDHE-ECDSA-CAMELLIA256-SHA384 Yes
ECDHE-ECDSA-AES128-SHA256 Yes
ECDHE-ECDSA-CAMELLIA128-SHA256 Yes
ECDHE-ECDSA-AES256-SHA Yes Yes
ECDHE-ECDSA-AES128-SHA Yes Yes
DHE-DSS-AES256-GCM-SHA384 Yes
DHE-DSS-AES128-GCM-SHA256 Yes
DHE-DSS-AES256-SHA256 Yes
DHE-DSS-CAMELLIA256-SHA256 Yes
DHE-DSS-AES128-SHA256 Yes
DHE-DSS-CAMELLIA128-SHA256 Yes Yes
DHE-DSS-CAMELLIA128-SHA Yes Yes
DHE-DSS-AES256-SHA Yes Yes
DHE-DSS-CAMELLIA256-SHA Yes Yes
DHE-DSS-AES128-SHA Yes Yes
ECDHE-ARIA128-GCM-SHA256 Yes
DHE-RSA-ARIA128-GCM-SHA256 Yes
DHE-RSA-ARIA256-GCM-SHA384 Yes
ECDHE-ARIA256-GCM-SHA384 Yes
ARIA256-GCM-SHA384 Yes
ARIA128-GCM-SHA256 Yes
ECDHE-ECDSA-ARIA256-GCM-SHA384 Yes
ECDHE-ECDSA-ARIA128-GCM-SHA256 Yes
DHE-DSS-ARIA256-GCM-SHA384 Yes
DHE-DSS-ARIA128-GCM-SHA256 Yes
DHE-RSA-SEED-SHA Yes Yes
DHE-DSS-SEED-SHA Yes Yes
IDEA-CBC-SHA Yes
SEED-SHA Yes Yes

Note: All the medium level ciphers are also supported by the high encryption level, except for those ciphers highlighted in red.

Customized SSL/TLS encryption levels

The ciphers in the customized level can be viewed in the GUI, so we won't be listing them in this guide.

All the customized ciphers are included in the high and medium level cipher table listed above, with the exception of the ciphers mentioned in the table below.

Cipher TLS 1.3 TLS 1.2 TLS 1.0, 1.1
TLS_AES_128_CCM_SHA256 Yes
TLS_AES_128_CCM_8_SHA256 Yes
ECDHE_RSA_DES_CBC3_SHA (also known as ECDHE-RSA-3DES-EDE-CBC-SHA) Yes Yes
DES_CBC3_SHA (also known as 3DES-EDE-CBC-SHA) Yes Yes

Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:

  • Older hash algorithms, such as MD5. To disable MD5, for SSL/TLS encryption level, select High.
  • Encryption bit strengths less than 128
  • Older styles of renegotiation (These are vulnerable to Man-in-the-Middle (MITM) attacks.)
  • Client-initiated renegotiation. See Configuring an HTTP server policy.
