Configuring encryption key algorithms
The FortiGate unit supports a range of cryptographic cipher suites to match the capabilities of various web browsers. The web browser and the FortiGate unit negotiate a cipher suite before any information (for example, a user name and password) is transmitted over the SSL link. You can only configure encyrption key algorithms for SSL VPN in the CLI.
To configure encryption key algorithms - CLI:
Use the following CLI command,
config vpn ssl settings
set algorithm <cipher_suite>
end
where one of the following variables replaces <cipher_suite>:
Variable | Description |
low | Use any cipher suite; AES, 3DES, RC4, or DES. |
medium | Use a 128-bit or greater cipher suite; AES, 3DES, or RC4. |
high | Use a ciper suite grather than 128 bits; AES or 3DES. |
Note that the algorithm <cipher_suite> syntax is only available when the sslvpn-enable attribute is set to enable.
See Also