Changes to SSL abbreviate handshake (407544)

Leave a reply

Changes to SSL abbreviate handshake (407544)

The SSL handshake process has changed to make troubleshooting easier.

  • In order to better identify which clients have caused SSL errors, the WAD SSL log will use the original source address rather than the source address of packets. l The return value of wad_ssl_set_cipher is checked.
  • The wad_ssl_session_match has been removed because it will add the connection into bypass cache and bypass further inspection.
  • DSA and ECDSA certificates are filtered for admin-server-cert l cert-inspect is reset after a WAD match to a Layer 7 policy l An option to disable the use of SSL abbreviate handshake has been added
CLI addition

config firewall ssl setting set abbreviate-handshake [enable|disable]

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.