How secure is an HTTPS connection?
There are physical considerations, such as restricting access to private keys and decrypted traffic. Another part is the encryption. For details, see Offloading vs. inspection.
A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL/TLS terminator during the handshake.
The FortiWeb operation mode determines which device is the SSL terminator. It is either:
When FortiWeb is the SSL terminator, FortiWeb controls which ciphers are allowed. For details, see SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy).
When the web server is the terminator, it controls which ciphers are allowed. If it selects a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task. For details, see SSL inspection cipher suites and protocols (offline and Transparent Inspection).
If you have configured SSL offloading for your FortiWeb operating in Reverse Proxy mode, you can specify which protocols a server policy allows and whether the set of cipher suites it supports is medium-level security, high-level security or a customized set. For details, see Configuring an HTTP server policy.
In True Transparent Proxy mode, you can specify these same advanced SSL settings to configure offloading for a server pool member. For details, see Creating a server pool.
The SSL/TLS encryption level in the advanced SSL settings provides the following options:
Cipher | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | Yes | |
DHE-RSA-AES256-GCM-SHA384 | Yes | |
ECDHE-RSA-CHACHA20-POLY1305 | Yes | |
DHE-RSA-CHACHA20-POLY1305 | Yes | |
DHE-RSA-AES256-CCM8 | Yes | |
DHE-RSA-AES256-CCM | Yes | |
ECDHE-RSA-AES128-GCM-SHA256 | Yes | |
DHE-RSA-AES128-GCM-SHA256 | Yes | |
DHE-RSA-AES128-CCM8 | Yes | |
DHE-RSA-AES128-CCM | Yes | |
ECDHE-RSA-AES256-SHA384 | Yes | |
DHE-RSA-AES256-SHA256 | Yes | |
ECDHE-RSA-CAMELLIA256-SHA384 | Yes | |
DHE-RSA-CAMELLIA256-SHA256 | Yes | |
ECDHE-RSA-AES128-SHA256 | Yes | |
DHE-RSA-AES128-SHA256 | Yes | |
ECDHE-RSA-CAMELLIA128-SHA256 | Yes | |
DHE-RSA-CAMELLIA128-SHA256 | Yes | |
ECDHE-RSA-AES256-SHA | Yes | Yes |
DHE-RSA-AES256-SHA | Yes | Yes |
DHE-RSA-CAMELLIA256-SHA | Yes | Yes |
ECDHE-RSA-AES128-SHA | Yes | Yes |
DHE-RSA-AES128-SHA | Yes | Yes |
DHE-RSA-CAMELLIA128-SHA | Yes | Yes |
AES256-GCM-SHA384 | Yes | |
AES256-CCM8 | Yes | |
AES256-CCM | Yes | |
AES128-GCM-SHA256 | Yes | |
AES128-CCM8 | Yes | |
AES128-CCM | Yes | |
AES256-SHA256 | Yes | |
CAMELLIA256-SHA256 | Yes | |
AES128-SHA256 | Yes | |
CAMELLIA128-SHA256 | Yes | |
AES256-SHA | Yes | Yes |
CAMELLIA256-SHA | Yes | Yes |
AES128-SHA | Yes | Yes |
CAMELLIA128-SHA | Yes | Yes |
ECDHE-ECDSA-AES256-GCM-SHA384 | Yes | |
ECDHE-ECDSA-CHACHA20-POLY1305 | Yes | |
ECDHE-ECDSA-AES256-CCM8 | Yes | |
ECDHE-ECDSA-AES256-CCM | Yes | |
ECDHE-ECDSA-AES128-GCM-SHA256 | Yes | |
ECDHE-ECDSA-AES128-CCM8 | Yes | |
ECDHE-ECDSA-AES128-CCM | Yes | |
ECDHE-ECDSA-AES256-SHA384 | Yes | |
ECDHE-ECDSA-CAMELLIA256-SHA384 | Yes | |
ECDHE-ECDSA-AES128-SHA256 | Yes | |
ECDHE-ECDSA-CAMELLIA128-SHA256 | Yes | |
ECDHE-ECDSA-AES256-SHA | Yes | Yes |
ECDHE-ECDSA-AES128-SHA | Yes | Yes |
DHE-DSS-AES256-GCM-SHA384 | Yes | |
DHE-DSS-AES128-GCM-SHA256 | Yes | |
DHE-DSS-AES256-SHA256 | Yes | |
DHE-DSS-CAMELLIA256-SHA256 | Yes | |
DHE-DSS-AES128-SHA256 | Yes | |
DHE-DSS-CAMELLIA128-SHA256 | Yes | |
DHE-DSS-AES256-SHA | Yes | Yes |
DHE-DSS-CAMELLIA256-SHA | Yes | Yes |
DHE-DSS-AES128-SHA | Yes | Yes |
DHE-DSS-CAMELLIA128-SHA | Yes | Yes |
Cipher | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|
DHE-RSA-SEED-SHA | Yes | Yes |
Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:
Cipher | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|
ECDHE_RSA_DES_CBC3_SHA |
Yes |
Yes |
DES_CBC3_SHA |
Yes |
Yes |
In Transparent Inspection and Offline Protection modes, if the client and server communicate using a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.
If you are not sure which cipher suites your web server supports, you can use a client-side tool to test. For details, see Checking the SSL/TLS handshake & encryption.
Cipher | TLS 1.2 | TLS 1.0, 1.1 |
---|---|---|
AES128-SHA | Yes | Yes |
AES256-SHA | Yes | Yes |
AES128-SHA256 | Yes | |
AES256-SHA256 | Yes | |
AES256-GCM-SHA384 | Yes | |
AES128-GCM-SHA256 | Yes | |
CAMELLIA256-SHA | Yes | Yes |
SEED-SHA | Yes | Yes |
CAMELLIA128-SHA | Yes | Yes |
In offline and Transparent Inspection mode, FortiWeb does not support Ephemeral Diffie-Hellman key exchanges, which may be accepted by clients such as Google Chrome. |