The Cipher Suites HTTPS cluster parameter lists the supported encryption algorithms for incoming HTTPS requests. If a client request comes into FortiADC that does not use a cipher in this list, the connection is refused. If this field is blank, then any cipher suite supported by FortiADC’s SSL implementation (or by Hardware SSL Acceleration, when enabled) will be accepted.
To view or set the Cipher Suites field for a cluster, click on the cluster name in the left navigational pane, select the HTTPS cluster, and then select the Security > SSL tab in the right pane.
The following default setting for cipher suite is used:
AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
For an FortiADC with hardware acceleration enabled, the following default value is used:
DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA
See Replacing the Default Certificate, Key, and Cipherspec for descriptions on replacing the default cipher suite.R
This field can be used to specify a custom cipher suite required by the servers in a cluster. In general, to add a cipher suite, you specify a plus sigh (+) and then the name of the suite. To specifically exclude a cipher suite, use an exclamation point (!).
For example, SSLv2 encryption is supported by default. If your servers are required to support medium and high encryption using SSLv3 only, you can add “!SSLv2” to cipher suite. For example, the following cipher suite string will cause all non-SSLv3 client requests to be refused:
AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA:!SSLv2:+SSLv3
The Cipher Suites field requires a string in the format described in the OpenSSL cipher suite documentation, at:
http://www.openssl.org/docs/apps/ciphers.html
The following table lists the software cipher suites supported by FortiADC.
|
Ciphers |
Key Exchange |
Protocol |
Authentication |
Encryption |
Message Authentication Code |
|---|---|---|---|---|---|
| AES256-GCM-SHA384 | RSA | TLSv1.2 | RSA | AESGCM(256) | AEAD |
| AES256-SHA256 | RSA | TLSv1.2 | RSA | AES(256) | SHA256 |
| AES256-SHA | RSA | SSLv3 | RSA | AES(256) | SHA1 |
| CAMELLIA256-SHA | RSA | SSLv3 | RSA | Camellia(256) | SHA1 |
| DES-CBC3-SHA | RSA | SSLv3 | RSA | 3DES(168) | SHA1 |
| AES128-GCM-SHA256 | RSA | TLSv1.2 | RSA | AESGCM(128) | AEAD |
| AES128-SHA256 | RSA | TLSv1.2 | RSA | AES(128) | SHA256 |
| AES128-SHA | RSA | SSLv3 | RSA | AES(128) | SHA1 |
| SEED-SHA | RSA | SSLv3 | RSA | SEED(128) | SHA1 |
| CAMELLIA128-SHA | RSA | SSLv3 | RSA | Camellia(128) | SHA1 |
| IDEA-CBC-SHA | RSA | SSLv3 | RSA | IDEA(128) | SHA1 |
| RC4-SHA | RSA | SSLv3 | RSA | RC4(128) | SHA1 |
| RC4-MD5 | RSA | SSLv3 | RSA | RC4(128) | MD5 |
| DES-CBC-SHA | RSA | SSLv3 | RSA | DES(56) | SHA1 |
| EXP-DES-CBC-SHA | RSA(512) | SSLv3 | RSA | DES(40) | SHA1 export |
| EXP-RC2-CBC-MD5 | RSA(512) | SSLv3 | RSA | RC2(40) | MD5 export |
| EXP-RC4-MD5 | RSA(512) | SSLv3 | RSA | RC4(40) | MD5 export |
| AES256-GCM-SHA384 | RSA | TLSv1.2 | RSA | AESGCM(256) | AEAD |
Supported PFS Ciphersuites
The following table lists the PFS ciphersuites supported by FortiADC.
| Ciphers | Key Exhange |
|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | RSA |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ECDSA |
| ECDHE-RSA-AES256-SHA384 | RSA |
| ECDHE-ECDSA-AES256-SHA384 | ECDSA |
| ECDHE-RSA-AES256-SHA | RSA |
| ECDHE-ECDSA-AES256-SHA | ECDSA |
| DHE-DSS-AES256-GCM-SHA384 | DSS |
| DHE-RSA-AES256-GCM-SHA384 | RSA |
| DHE-RSA-AES256-SHA256 | RSA |
| DHE-DSS-AES256-SHA256 | DSS |
| DHE-RSA-AES256-SHA | RSA |
| DHE-DSS-AES256-SHA | DSS |
| DHE-RSA-CAMELLIA256-SHA | RSA |
| DHE-DSS-CAMELLIA256-SHA | DSS |
| ECDHE-RSA-AES128-GCM-SHA256 | RSA |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ECDA |
| ECDHE-RSA-AES128-SHA256 | RSA |
| ECDHE-ECDSA-AES128-SHA256 | ECDSA |
| ECDHE-RSA-AES128-SHA | RSA |
| ECDHE-ECDSA-AES128-SHA | ECDSA |
| DHE-DSS-AES128-GCM-SHA256 | DSS |
| DHE-RSA-AES128-GCM-SHA256 | RSA |
| DHE-RSA-AES128-SHA256 | RSA |
| DHE-DSS-AES128-SHA256 | DSS |
| DHE-RSA-AES128-SHA | RSA |
| DHE-DSS-AES128-SHA | DSS |
| DHE-RSA-SEED-SHA | RSA |
| DHE-DSS-SEED-SHA | DSS |
| DHE-RSA-CAMELLIA128-SHA | RSA |
| DHE-DSS-CAMELLIA128-SHA | DSS |
| ECDHE-RSA-RC4-SHA | RSA |
| ECDHE-ECDSA-RC4-SHA | ECDSA |
| ECDHE-RSA-DES-CBC3-SHA | RSA |
| ECDHE-ECDSA-DES-CBC3-SHA | ECDSA |
| Ciphers | Protocol | Key Exchange |
Authentication |
Encryption | Message Authentication Code |
|---|---|---|---|---|---|
| TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 | <=TLS 1.1 | RSA | RSA | RC4 | MD5 export |
| TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA; | <=TLS 1.1 | RSA | RSA | RC4 | SHA export |
| SSL3_RSA_RC4_40_MD5 | <=TLS 1.1 | RSA | RSA | RC4 (40) | MD5 |
| TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA | <=TLS 1.1 | RSA | RSA | DES | SHA |
| SSL3_RSA_DES_40_CBC_SHA; | <=TLS 1.1 | RSA | RSA | DES (40) | SHA |
| SSL3_RSA_DES_64_CBC_SHA | <=TLS 1.1 | RSA | RSA | DES (64) | SHA |
| SSL3_RSA_RC4_128_MD5 | SSL 3.0 | RSA | RSA | RC4 (128) | SHA |
| SSL3_RSA_RC4_128_SHA | SSL 3.0 | RSA | RSA | RC4 (128) | SHA |
| SSL3_RSA_DES_192_CBC3_SHA | SSL 3.0 | RSA | RSA | DES (192) | MD5 |
| SSL2_RC4_128_WITH_MD5 | SSL 2.0 | RSA | RSA | RC4 (128) | MD5 |
| SSL2_RC4_128_EXPORT40_WITH_MD5 | SSL 2.0 | RSA | RSA | RC4 (128) | MD5 |
| SSL2_DES_64_CBC_WITH_MD5 | SSL 2.0 | RSA | RSA | DES (64) | MD5 |
| SSL2_DES_192_EDE3_CBC_WITH_MD5 | SSL 2.0 | RSA | RSA | DES (192) | MD5 |
| TLS1_RSA_WITH_AES_128_SHA | TLS 1.0 | RSA | RSA | AES (128) | SHA |
| TLS_RSA_WITH_AES_256_SHA | TLS 1.0 | RSA | RSA | AES (256) | SHA |
| TLS_RSA_WITH_AES_128_SHA256 | TLS 1.2 | RSA | RSA | AES (128) | SHA (256) |
| TLS_RSA_WITH_AES_256_SHA256 | TLS 1.2 | RSA | RSA | AES (256) | SHA (256) |
| TLS1_RSA_WITH_AES_128_GCM_SHA256 | TLS 1.2 | RSA | RSA | AESGCM (128) | SHA (256) |
| TLS1_RSA_WITH_AES_256_GCM_SHA384 | TLS 1.2 | RSA | RSA | AESGCM (256) | SHA (384) |
The cipher suite parameter for an HTTPS cluster lists all of the ciphers that can be negotiated between FortiADC and an incoming client attempting to connect to an HTTPS cluster. Similarly, the client application will have its own list of ciphers that it supports. The client and FortiADC need to go through a process of negotiating the cipher that will be used for the client connection -- if they cannot find a match, the connection will fail. The process of negotiating a cipher for a client connection is as follows:
It is therefore vital that you ensure that there is at least one match between the list of ciphers supported by clients connecting to an HTTPS cluster and the Cipher Suite list for the cluster.
Default Cipher Suites