Hot!TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it?

Page: < 12 Showing page 2 of 2
Author
Wayne1
Gold Member
  • Total Posts : 198
  • Scores: 4
  • Reward points: 0
  • Joined: 2004/03/11 08:04:32
  • Location: Switzerland
  • Status: offline
Re: TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it? 2019/05/07 04:52:00 (permalink)
0
Hi boneyard
 
Nope, can't reach Mozilla, packet capture shows a RST ACK packet sent from the FG to the Client.
I'ts definitely TLS1.3, the policy has no security profiles now, only Deep Inspection, as soon as we switch the policy to certificate inspection everything works normal.
I'll open a support ticket, thanks for pointing me to the right direction.

 
FG-200E, FG-200D, FG-100E, FG-60E, FWF-60D, FWF-60E, FAZVM64, Fortimail VM
#21
Wayne1
Gold Member
  • Total Posts : 198
  • Scores: 4
  • Reward points: 0
  • Joined: 2004/03/11 08:04:32
  • Location: Switzerland
  • Status: offline
Re: TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it? 2019/05/09 07:27:22 (permalink)
0
Ok, just to keep everyone informed, it's a well known "Internal" Forti bug with the famous number 0531575. It will be fixed in 6.0.5.
I still don't get it why they can't publish their "internal" bug data base to us customers, we could safe a lot of time and money and would not always open a support ticket for well known bugs.
 

 
FG-200E, FG-200D, FG-100E, FG-60E, FWF-60D, FWF-60E, FAZVM64, Fortimail VM
#22
boneyard
Gold Member
  • Total Posts : 144
  • Scores: 8
  • Reward points: 0
  • Joined: 2014/07/30 11:15:18
  • Status: offline
Re: TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it? 2019/05/13 06:49:08 (permalink)
0
did you get any more details about the "issue" which is fixed in 6.0.5? because as mentioned in general TLS1.3 websites work for me in 5.6 and 6.0 in proxy mode.
#23
Wayne1
Gold Member
  • Total Posts : 198
  • Scores: 4
  • Reward points: 0
  • Joined: 2004/03/11 08:04:32
  • Location: Switzerland
  • Status: offline
Re: TLSv1.3 is now an approved standard how will D & E series 5.6 Fortigates deal with it? 2019/05/13 07:24:44 (permalink)
0
They just told me it has to do with a missorder of the cipher in some TLS pages, it's not just a TLS 1.3 problem.
Sorry, that's all I can tell, we had to create already 20 Deep Scan exclusions for such pages.

 
FG-200E, FG-200D, FG-100E, FG-60E, FWF-60D, FWF-60E, FAZVM64, Fortimail VM
#24
Page: < 12 Showing page 2 of 2
Jump to:
© 2019 APG vNext Commercial Version 5.5