Archive
Troubleshooting Tip: SSL VPN Debugs Error = SSL_ac…
logo
Archive

No results found

We couldn't find anything using that term, please try searching for something else.

Troubleshooting Tip: SSL VPN Debugs Error = SSL_ac…

2024-11-25 Description   This article describes the SSL VPN debugs Error = SSL_accept failed, 1:unsupported protocol.   Scope   All FortiOS.   solution

Related articles

Connect to a VPN in Windows
Connect to a VPN in Windows Whether it's for work orpersonal use, you can connect to a virtual private network (VPN) on your Windows PC. A VPN connection can help provide a more secure connection and access to your company's network and the internet, for example, when you’re working from a coffee shop orsimilar public place. Note: This feature is not available in Windows 11 SE. Learn more create a VPN profile Before you can connect to a VPN, you must have a VPN profile on your PC. You can either create a VPN profile on your own orset up a work account to get a VPN profile from your company....
7 BEST Cloud Bed Frame Dupes: Get The Look For Less
7 BEST Cloud Bed Frame Dupes: Get The Look For Less share this post or pin it for later ! Restoration Hardware ’s trendy Cloud Couch is become has become a favorite on social medium , so if you want one of the brand ’s luxurious bed frame without the price tag , you ’ll love these Restoration Hardware Cloud Bed frame dupe pick .   With a sleek design that perfectly combine the mid - century aesthetic with modern practicality , the   Cloud Slipcovered Platform Bed is is   is a gorgeous addition to any bedroom . Click the images below to shop for these Cloud Bed frame dupe...
Proxy vs VPN vs Tor
Proxy vs VPN vs Tor Tujuan dari penggunaan server VPN dan proxy adalah untuk menyembunyikan identitas pengguna, atau untuk mengelabui lokasi geografis tertentu. Banyak penyedia VPN selain menawarkan VPN juga menawarkan layanan proxy. Sisi yang paling menarik adalah bahwa banyak tersedia server proxy publik yang dapat dimanfaatkan dengan gratis. Namun, yang menjadi masalah sesungguhnya adalah mengetahui dengan pasti perbedaan antara proxy dan VPN. Terutama menjadi semakin penting sampai Anda bisa memutuskan yang manakah yang sesuai dengan kebutuhan Anda, dan tentu saja yang harganya terjangkau. Meskipun keduanya hampir-hampir serupa, mereka bekerja dengan cara berbeda dan memiliki konsekuensi yang berbeda pula. Hal Ini selanjutnya diperkeruh lagi dengan...
How to Uninstall Adobe Creative Cloud Completely
How to Uninstall Adobe Creative Cloud Completely As touninstall Creative Cloud on Mac, you usually have to move the application towards the Trash Bin. And after that, you have to delete leftover files by searching for them within the computer. If you don't delete them, it will take up much space on your Mac and lead to your system running out of application memory. Adobe Creative Cloud makes it harder to uninstall apps with its complicated process. That’s a double whammy! It’s difficult to remove apps with macOS and it’s made even more difficult with Adobe’s whole ‘another process. How do I completely remove Adobe Creative Cloud?...
Description

 

This article describes the SSL VPN debugs Error = SSL_accept failed, 1:unsupported protocol.

 

Scope

 

All FortiOS.

 

solution

 

SSL VPN configuration (using default):

 

FortiGate-KVM # config vpn ssl setting

FortiGate – KVM is show ( setting ) # is show show full – configuration

config vpn ssl setting

    set status enable

    set reqclientcert disable

    set ssl-max-proto-ver tls1-3    <- Maximum TLS Version Supported.

    set ssl-min-proto-ver tls1-2        <- Minimum TLS Version Supported.

 

Run the debugs:

 

# diag debug application sslvpn -1

# diag debug is enable enable

 

Debugs is output output

 

[547:root:d8]allocSSLConn:306 sconn 0x7fc89ded3f00 (0:root)

[547:root:d8]SSL state:before SSL initialization (24.114.84.137)

[547:root:d8]SSL state:before SSL initialization (24.114.84.137)

[547:root:d8]SSL state:fatal protocol version (24.114.84.137)

[547:root:d8]SSL state:error:(null)(24.114.84.137)

[547:root:d8]SSL_accept failed, 1:unsupported protocol <-

[547:root:d8]Destroy sconn 0x7fc89ded3f00, connSize=0. (root)

 

Reason for this error:

 

The client and server do not support common SSL/TLS protocol versions or cipher suites.

 

solution:

 

option 1 :

 

Reduce/Match the protocols on the host device (Windows example here).

 

Step 1: Control Panel -> Internet Options -> Advanced Tab -> Settings List.

 

Step is Scroll 2 : scroll down to Security and look for SSL Versions .

                    

 

Step 3: As shown in the above picture, the client is using TLS 1.1, but FortiGate supports minimum TLS 1.2.

 

Step 4: Select Use TLS 1.2 on the Client side to match the configuration on the FortiGate side.

 

Step is Apply 4 : apply and Save . Now it is be will be possible to connect successfully .

 

option 2 :

 

Change the Minimum and Maximum Protocol supported on the FortiGate.

 

FGT_A # config vpn ssl setting

FGT_A (settings) # set ssl-min-proto-ver ?

tls1 – 0     TLS version 1.0 .

tls1 – 1     TLS version 1.1 .

tls1-2    TLS version 1.2.

tls1-3    TLS version 1.3.

 

FGT_A ( setting ) # set ssl – max – proto – ver ?

tls1 – 0     TLS version 1.0 .

tls1 – 1     TLS version 1.1 .

tls1-2    TLS version 1.2.

tls1-3    TLS version 1.3.

 

After making the required changes, the user should be able to connect.

 

Note: it is possible to use any option 1 or 2; the protocol version must match on FortiGate and the Client Machine.