Disable weak ciphers in the HTTPS protocol 7.0.2
Administrators can select what ciphers to use for TLS 1.3 in administrative HTTPS connections, and what ciphers to ban for TLS 1.2 and below.
To select the ciphers to use for TLS 1.3 and ban for TLS 1.2 and lower:
    config system global
        set admin-https-ssl-ciphersuites {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256}
        set admin-https-ssl-banned-ciphers {RSA DHE ECDHE DSS ECDSA AES AESGCM CAMELLIA 3DES SHA1 SHA256 SHA384 STATIC CHACHA20 ARIA AESCCM}
    end

| Option | Description |
| --- | --- |
| admin-https-ssl-ciphersuites {TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256} | Select one or more TLS 1.3 cipher suites to enable. Ciphers in TLS 1.2 and below are not affected. At least one must be enabled. To disable all, remove TLS1.3 from TLS-AES-128-CCM-SHA256 and TLS-AES-128-CCM-8-SHA256 are only available when strong-crypto is disabled. |
| admin-https-ssl-banned-ciphers {RSA DHE ECDHE DSS ECDSA AES AESGCM CAMELLIA 3DES SHA1 SHA256 SHA384 STATIC CHACHA20 ARIA AESCCM} | Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. |

To test connecting from a PC using one of the cipher suites:

1. Disable strong-crypto and select all five cipher suites:

    config system global
        set admin-https-redirect disable
        set admin-https-ssl-ciphersuites TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-CCM-SHA256 TLS-AES-128-CCM-8-SHA256
        set strong-crypto disable
    end

2. Connect from a PC using TLS_AES_128_CCM_SHA256:

    ~$ openssl s_client -connect 172.16.200.101:443 -tls1_3 -ciphersuites TLS_AES_128_CCM_SHA256
    CONNECTED(00000005)
    Can't use SSL_get_servername
    depth=0 O = Fortinet Ltd., CN = FortiGate
    ...
    ---
    New, TLSv1.3, Cipher is TLS_AES_128_CCM_SHA256
    Server public key is 2048 bit
    ....

3. Enable strong-crypto:

    config system global
        set strong-crypto enable
    end
    TLS cipher suite 'TLS-AES-128-CCM-SHA256' can not be supported so removed.
    TLS cipher suite 'TLS-AES-128-CCM-8-SHA256' can not be supported so removed.

4. Try to connect from the PC again using TLS_AES_128_CCM_SHA256:

    ~$ openssl s_client -connect 172.16.200.101:443 -tls1_3 -ciphersuites TLS_AES_128_CCM_SHA256
    CONNECTED(00000005)
    139694547268800:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 211 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    ....

The connection fails because TLS_AES_128_CCM_SHA256 is not supported when strong-crypto is enabled.
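
The manual test above can be repeated for all five TLS 1.3 suites to confirm that strong-crypto took effect. The script below is an added example, not Fortinet code: it offers one suite per handshake with the same openssl s_client options used above and flags any CCM suite that is still accepted. The function names, verdict strings and the file name in the usage comment are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not vendor code): check which TLS 1.3 suites an admin HTTPS
# listener accepts. Usage: sh audit.sh 172.16.200.101:443  (file name is hypothetical)

# The five suites from this page, in OpenSSL's underscore spelling.
SUITES="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256"
# Suites the page shows being removed when strong-crypto is enabled.
REMOVED="TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256"

# Read s_client output on stdin; print the negotiated suite, or NONE when the
# handshake failed or no "New, ..., Cipher is ..." line was produced at all.
negotiated_cipher() {
    awk '/^New, .* Cipher is / { c = $NF; gsub(/[()]/, "", c); print c; found = 1; exit }
         END { if (!found) print "NONE" }'
}

# verdict SUITE NEGOTIATED: judge one probe against a strong-crypto-enabled baseline.
verdict() {
    case " $REMOVED " in *" $1 "*) removed=1 ;; *) removed=0 ;; esac
    if [ "$2" = "$1" ]; then
        if [ "$removed" -eq 1 ]; then echo "FAIL: accepted"; else echo "ok: accepted"; fi
    else
        if [ "$removed" -eq 1 ]; then echo "ok: refused"; else echo "WARN: refused"; fi
    fi
}

# probe HOST:PORT SUITE: offer exactly one TLS 1.3 suite, as in the steps above.
probe() {
    openssl s_client -connect "$1" -tls1_3 -ciphersuites "$2" </dev/null 2>&1 | negotiated_cipher
}

# audit HOST:PORT: probe every suite; non-zero exit if a removed suite is accepted.
audit() {
    rc=0
    for s in $SUITES; do
        v=$(verdict "$s" "$(probe "$1" "$s")")
        printf '%-30s %s\n' "$s" "$v"
        case $v in FAIL*) rc=1 ;; esac
    done
    return "$rc"
}

if [ $# -ge 1 ]; then
    audit "$1"
else
    # Offline demo: the result line from the failed handshake shown on this page.
    verdict TLS_AES_128_CCM_SHA256 "$(printf 'New, (NONE), Cipher is (NONE)\n' | negotiated_cipher)"
fi
```

A "WARN: refused" line for a GCM or CHACHA20 suite only means the suite was left out of admin-https-ssl-ciphersuites or the listener was unreachable; it is not a finding by itself.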