Secure connections (SSL/TLS) : Supported cipher suites & protocol versions
Supported cipher suites & protocol versions
How secure is an HTTPS connection?
This is partially physical considerations such as restricting access to private keys and decrypted traffic (see “What is SSL/TLS offloading?”). Another part is the encryption.
A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL terminator (FortiADC) during the handshake.
FortiADC supports:
SSL 2.0 (disabled by default for security reasons)
DES-EDE3-CBC-MD5 — 192-bit
DES-CBC-MD5 — 64-bit
SSL 3.0
AES-SHA — 256-bit & 128-bit
DES-CBC3-SHA — 168-bit
TLS 1.0
AES-SHA — 256-bit & 128-bit
DES-CBC3-SHA — 168-bit
If you are not sure which cipher suites are being used, you can use a client-side tool to test. See “Checking the SSL/TLS handshake & encryption”.
TLS 1.1, AES-256 or ECC, and SHA-1 are preferable. Generally speaking, for security reasons, avoid using:
SSL 2.0
TLS 1.0
Older hash algorithms, such as MD5. (On modern computers, these can be cracked quickly.)
Ciphers with known vulnerabilities, such as some implementations of RC4, AES and DES (e.g. To protect clients with incorrect CBC implementations for AES and DES, use RC4.)
Encryption bit strengths less than 128
Older styles of re-negotiation (These are vulnerable to man-in-the-middle (MITM) attacks.)
Client-initiated re-negotiation
See also
What is SSL/TLS offloading?
How to offload HTTPS