Minimum version of TLS services automatically changed
For improved security, FortiOS 6.0.17 uses the ssl-min-proto-version
option (under config system global
) to control the minimum SSL protocol version used in communication between FortiGate and third-party SSL and TLS services.
When you upgrade to FortiOS 6.0.17 and later, the default ssl-min-proto-version
option is TLS v1.2. The following SSL and TLS services inherit global settings to use TLS v1.2 as the default. You can override these settings.
- Email server (
config system email-server
) - Certificate (
config vpn certificate setting
) - FortiSandbox (
config system fortisandbox
) - FortiGuard (
config log fortiguard setting
) - FortiAnalyzer (
config log fortianalyzer setting
) - LDAP server (
config user ldap
) - POP3 server (
config user pop3
)