Supported cipher suites & protocol versions
How secure is an HTTPS connection?
Part of the answer is physical: restricting access to private keys and decrypted traffic (see “What is SSL/TLS offloading?”). The other part is the encryption itself.
A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, are negotiated between the client and the SSL terminator (FortiADC) during the handshake.
FortiADC supports:
• SSL 2.0 (disabled by default for security reasons)
    • DES-EDE3-CBC-MD5 — 192-bit
    • DES-CBC-MD5 — 64-bit
• SSL 3.0
    • AES-SHA — 256-bit & 128-bit
    • DES-CBC3-SHA — 168-bit
• TLS 1.0
    • AES-SHA — 256-bit & 128-bit
    • DES-CBC3-SHA — 168-bit
If you are not sure which cipher suites are being used, you can use a client-side tool to test. See “Checking the SSL/TLS handshake & encryption”.
TLS 1.1, AES-256 or ECC, and SHA-1 are preferable. Generally speaking, for security reasons, avoid using:
• SSL 2.0
• TLS 1.0
• Older hash algorithms, such as MD5. (On modern computers, these can be cracked quickly.)
• Ciphers with known vulnerabilities, such as some implementations of RC4, AES and DES (e.g. to protect clients with incorrect CBC implementations for AES and DES, use RC4)
• Encryption bit strengths less than 128
• Older styles of re-negotiation (These are vulnerable to man-in-the-middle (MITM) attacks.)
• Client-initiated re-negotiation
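The following Python sketch is an added example, not FortiADC code. It applies the protocol, hash and bit-strength items of the list above to a negotiated (version, cipher, bits) triple. The function names, the host argument and the version strings (those reported by Python's SSLSocket.version()) are assumptions of this example.

```python
import socket
import ssl

# Rules taken from this page's "avoid" list; renegotiation and
# implementation-specific cipher flaws cannot be judged from these fields.
AVOID_PROTOCOLS = {"SSLv2": "SSL 2.0", "TLSv1": "TLS 1.0"}
AVOID_HASHES = {"MD5"}
MIN_BITS = 128

def audit(version, cipher_name, bits):
    """Return the reasons a negotiated (version, cipher, bits) should be avoided."""
    reasons = []
    if version in AVOID_PROTOCOLS:
        reasons.append("protocol " + AVOID_PROTOCOLS[version])
    # OpenSSL-style suite names are hyphen-separated; the hash is one token.
    for token in cipher_name.upper().split("-"):
        if token in AVOID_HASHES:
            reasons.append("hash " + token)
    if bits < MIN_BITS:
        reasons.append("%d-bit strength is below %d" % (bits, MIN_BITS))
    return reasons

def check_server(host, port=443, timeout=5.0):
    """Handshake with a server you administer and audit what was negotiated.
    host is a placeholder argument; nothing calls this function on import."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _defined_in, bits = tls.cipher()
            return audit(tls.version(), name, bits)

# Constructed input: the supported list above, using the version strings
# that SSLSocket.version() reports and the suite names as this page writes them.
SUPPORTED = [
    ("SSLv2", "DES-EDE3-CBC-MD5", 192),
    ("SSLv2", "DES-CBC-MD5", 64),
    ("SSLv3", "AES-SHA", 256),
    ("SSLv3", "AES-SHA", 128),
    ("SSLv3", "DES-CBC3-SHA", 168),
    ("TLSv1", "AES-SHA", 256),
    ("TLSv1", "AES-SHA", 128),
    ("TLSv1", "DES-CBC3-SHA", 168),
]

def audit_supported(rows=SUPPORTED):
    """Map each row to its list of reasons (empty list = not on the avoid list)."""
    return {row: audit(*row) for row in rows}
```

check_server() only sees what the local client is willing to negotiate, so a modern client may never reach the older protocol versions even if the server still offers them.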