Fortinet black logo

Strong cryptographic cipher requirements for FortiAP

Strong cryptographic cipher requirements for FortiAP

FortiOS 7.0.0 has removed 3DES and SHA1 from the list of strong cryptographic ciphers. To satisfy the cipher requirement, current FortiAP models whose names end with letter E or F should be upgraded to the following firmware versions:

  • FortiAP (F models): version 6.4.3 and later
  • FortiAP-S and FortiAP-W2 (E models): version 6.2.4, 6.4.1, and later
  • FortiAP-U (EV and F models): version 6.0.3 and later
  • FortiAP-C (FAP-C24JE): version 5.4.3 and later

If FortiGates running FortiOS 7.0.0 need to manage FortiAP models that cannot be upgraded or legacy FortiAP models whose names end with the letters B, C, CR, or D, administrators can allow those FortiAPs' connections with weak cipher encryption by entering the following in the FortiOS CLI:

config system global
    set ssl-static-key-ciphers enable
    set strong-crypto disable
end

Strong cryptographic cipher requirements for FortiAP

FortiOS 7.0.0 has removed 3DES and SHA1 from the list of strong cryptographic ciphers. To satisfy the cipher requirement, current FortiAP models whose names end with letter E or F should be upgraded to the following firmware versions:

  • FortiAP (F models): version 6.4.3 and later
  • FortiAP-S and FortiAP-W2 (E models): version 6.2.4, 6.4.1, and later
  • FortiAP-U (EV and F models): version 6.0.3 and later
  • FortiAP-C (FAP-C24JE): version 5.4.3 and later

If FortiGates running FortiOS 7.0.0 need to manage FortiAP models that cannot be upgraded or legacy FortiAP models whose names end with the letters B, C, CR, or D, administrators can allow those FortiAPs' connections with weak cipher encryption by entering the following in the FortiOS CLI:

config system global
    set ssl-static-key-ciphers enable
    set strong-crypto disable
end