You are here: Secure connections (SSL/TLS) > Supported cipher suites & protocol versions

Supported cipher suites & protocol versions

How secure is an HTTPS connection?

This is partially physical considerations such as restricting access to private keys and decrypted traffic (see Offloading vs. inspection). Another part is the encryption.

A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL/TLS terminator during the handshake.

The FortiWeb operation mode determines which device is the SSL terminator. It is either:

When FortiWeb is the SSL terminator, FortiWeb controls which ciphers are allowed (see SSL offloading cipher suites and protocols (reverse proxy and true transparent proxy)).

When the web server is the terminator, it controls which ciphers are allowed (see SSL inspection cipher suites and protocols (offline and transparent inspection)). If it selects a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.

SSL offloading cipher suites and protocols (reverse proxy and true transparent proxy)

If you have configured SSL offloading for your FortiWeb operating in reverse proxy mode, you can specify both which protocols it allows and whether the supported set of cipher suites create a medium-level or high-level security environment. In true transparent proxy mode, you can specify these same advanced SSL settings to configure offloading for a server pool member. For information on accessing these settings, see Configuring a server policy and Creating a server pool.

The SSL/TLS encryption level in the advanced SLL settings provides the following two options:

High/medium SSL/TLS encryption levels
Cipher TLS 1.2 TLS 1.0, 1.1 SSL 3.0
ECDHE-RSA-AES256-GCM-SHA384 Yes    
ECDHE-RSA-AES256-SHA384 Yes    
ECDHE-RSA-AES256-SHA Yes Yes  
DHE-RSA-AES256-GCM-SHA384 Yes    
DHE-RSA-AES256-SHA256 Yes    
DHE-RSA-AES256—SHA Yes Yes Yes
DHE-RSA-CAMELLIA256-SHA Yes Yes Yes
AES256-GCM-SHA384 Yes    
AES256-SHA256 Yes    
AES256-SHA Yes Yes Yes
CAMELLIA256-SHA Yes Yes Yes
ECDHE-RSA-AES128-GCM-SHA256 Yes    
ECDHE-RSA-AES128-SHA256 Yes    
ECDHE-RSA-AES128-SHA Yes Yes  
DHE-RSA-AES128-GCM-SHA256 Yes    
DHE-RSA-AES128-SHA256 Yes    
DHE-RSA-AES128-SHA Yes Yes Yes
DHE-RSA-CAMELLIA128-SHA Yes Yes Yes
AES128-GCM-SHA256 Yes    
AES128-SHA256 Yes    
AES128-SHA Yes Yes Yes
CAMELLIA128-SHA Yes Yes Yes
ECDHE-RSA-DES-CBC3-SHA Yes Yes  
EDH-RSA-DES-CBC3-SHA Yes Yes Yes
DES-CBC3-SHA Yes Yes Yes
Medium-only SSL/TLS encryption levels
Cipher TLS 1.2 TLS 1.0, 1.1 SSL 3.0
DHE-RSA-SEED-SHA Yes Yes Yes
SEED-SHA Yes Yes Yes
IDEA-CBC-SHA Yes Yes Yes
ECDHE-RSA-RC4-SHA Yes Yes  
RC4-SHA Yes Yes Yes
RC4-MD5 Yes Yes Yes

Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:

SSL inspection cipher suites and protocols (offline and transparent inspection)

In transparent inspection and offline protection modes, if the client and server communicate using a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.

If you are not sure which cipher suites your web server supports, you can use a client-side tool to test. See Checking the SSL/TLS handshake & encryption.

Supported ciphers for offline and transparent inspection
Cipher suite Cipher TLS 1.2 TLS 1.0, 1.1 SSL 3.0
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 Yes Yes Yes
TLS_RSA_WITH_RC4_128_SHA RC4-SHA Yes Yes Yes
TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA Yes Yes Yes
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA Yes Yes Yes
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA Yes Yes Yes
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA Yes Yes Yes
TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 No No Yes
TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 No No Yes
In offline and transparent inspection mode, FortiWeb does not support Ephemeral Diffie-Hellman key exchanges, which may be accepted by clients such as Google Chrome.
See also