I have a FortiGate product running FortiOS 5.4.x and I can't mitigate the Sweet32 vulnerability.
I've already enabled the high security algorithms and disabled SSLv3 / TLS 1.0 for BEAST & CRIME, as shown below:
config system global
    set strong-crypto enable
end
config vpn ssl setting
    set sslv3 disable
    set tls1-0 disable
end
How can I address this?
Best Answer
According to the FortiOS 5.4.1 CLI Reference, it is possible to block specific cipher suites such as 3DES from being used. There is little documentation on the use of this option, but I have verified it does indeed function as needed. Unfortunately, there doesn't appear to be a matching command in 5.2 or earlier.
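
One way to check the result after a cipher change like the one described in the answer (an added example, not part of the original question or answer): parse the output of `nmap --script ssl-enum-ciphers` and list any 64-bit block cipher suites, the class Sweet32 applies to, that are still offered per protocol version. The scan text below is constructed sample data, and the function and variable names are hypothetical.

```python
import re

# Name tokens of 64-bit block ciphers, the class Sweet32 applies to.
BLOCK64 = re.compile(r"(?:^|_)(3DES|DES|DES40|IDEA|RC2)(?:_|$)")
PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE = re.compile(r"^\|[ _]+((?:TLS|SSL)_[A-Z0-9_]+)\b")

def sweet32_suites(nmap_output):
    """Map each protocol version to the 64-bit block cipher suites it offers."""
    findings, proto, seen = {}, None, 0
    for line in nmap_output.splitlines():
        m = PROTO.match(line)
        if m:
            proto = m.group(1)
            continue
        m = SUITE.match(line)
        if m and proto:
            seen += 1
            if BLOCK64.search(m.group(1)):
                findings.setdefault(proto, []).append(m.group(1))
    if seen == 0:
        # An empty or failed scan must not be read as "3DES is gone".
        raise ValueError("no cipher suites found in scan output")
    return findings

# Constructed sample output, before and after 3DES is blocked on the gateway.
BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|_  least strength: C
"""
AFTER = BEFORE.replace(
    "|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C\n", ""
).replace("least strength: C", "least strength: A")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = sweet32_suites(text)
        print(label, "Sweet32-exposed" if hits else "clean", hits)
```

An empty result only counts as clean because the parser raises when it sees no cipher suites at all, so a blocked or failed scan is not mistaken for a fixed configuration.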