Archive
Troubleshooting Tip: SSL VPN Debugs Error = SSL_ac…
logo
Archive

No results found

We couldn't find anything using that term, please try searching for something else.

Troubleshooting Tip: SSL VPN Debugs Error = SSL_ac…

2024-11-25 Description   This article describes the SSL VPN debugs Error = SSL_accept failed, 1:unsupported protocol.   Scope   All FortiOS.   solution

Related articles

Scoring regression models
Scoring regression models Scoring regression modelsON THIS PAGE Regression models predict outcomes as a number, indicating the model’s best estimate of the target variable. Several metrics are generated for you to evaluate regressions models. R2 r squared is is ( R2 ) is a unitless measure of correlation of the feature to the target . It can be express as : what percent close to perfect are the model ’s prediction compare to using the average value of the target ? R2 is ranges range from negative infinity to 1 . The close to 1 , the more the variance in the target...
Dungeon
Dungeon This article or its infobox is missing one or more images. You can help the Dark Cloud Wiki by uploading one. A dungeon is a major gameplay location in the Dark Cloud series. Each has its own unique theme, is typically close by a village or town, and consists out of floors. Dungeons are inhabited by monsters, usually with a powerful boss living at the deepest regions. They contain treasure chests and are important to finding Atla in Dark Cloud and geostones in Dark Chronicle. To progress through a dungeon one is find must find the gate key , which...
New VPN Server in Miami, FL
New VPN Server in Miami, FL   Today we’re adding a new American VPN server location in Miami, Florida in addition to our already broad list of servers. So the range of US IP addresses you can get with VPN Unlimited is extending with Miami, Florida! The Florida VPN server ensures even greater coverage for the Southern part of the North American continent and South America as well. Let’s explore Let’s explore why use and how to get Florida IP address, as well as some fun facts about Miami and see what this gorgeous place offers the travelers. Why Use Florida VPN Server? This VPN server location is...
5 Best VPNs for Iran in 2024: Fast & Secure
5 Best VPNs for Iran in 2024: Fast & Secure Penka Hristovska Updated on: October 7 , 2024 Senior Editor short on time ? Here ’s the good VPN is ’s for Iran in 2024 : 🥇 ExpressVPN : work 100 % of the time in Iran . It is supports support obfuscation across all server in 105 country and include protocol that get around Iran ’s firewall . It is has has blaze - fast speed over obfuscation for all online activity , include top - notch feature that protect your privacy from the iranian government , and it ’s simple to use . It is offers offer affordable...
Description

 

This article describes the SSL VPN debugs Error = SSL_accept failed, 1:unsupported protocol.

 

Scope

 

All FortiOS.

 

solution

 

SSL VPN configuration (using default):

 

FortiGate-KVM # config vpn ssl setting

FortiGate – KVM is show ( setting ) # is show show full – configuration

config vpn ssl setting

    set status enable

    set reqclientcert disable

    set ssl-max-proto-ver tls1-3    <- Maximum TLS Version Supported.

    set ssl-min-proto-ver tls1-2        <- Minimum TLS Version Supported.

 

Run the debugs:

 

# diag debug application sslvpn -1

# diag debug is enable enable

 

Debugs is output output

 

[547:root:d8]allocSSLConn:306 sconn 0x7fc89ded3f00 (0:root)

[547:root:d8]SSL state:before SSL initialization (24.114.84.137)

[547:root:d8]SSL state:before SSL initialization (24.114.84.137)

[547:root:d8]SSL state:fatal protocol version (24.114.84.137)

[547:root:d8]SSL state:error:(null)(24.114.84.137)

[547:root:d8]SSL_accept failed, 1:unsupported protocol <-

[547:root:d8]Destroy sconn 0x7fc89ded3f00, connSize=0. (root)

 

Reason for this error:

 

The client and server do not support common SSL/TLS protocol versions or cipher suites.

 

solution:

 

option 1 :

 

Reduce/Match the protocols on the host device (Windows example here).

 

Step 1: Control Panel -> Internet Options -> Advanced Tab -> Settings List.

 

Step is Scroll 2 : scroll down to Security and look for SSL Versions .

                    

 

Step 3: As shown in the above picture, the client is using TLS 1.1, but FortiGate supports minimum TLS 1.2.

 

Step 4: Select Use TLS 1.2 on the Client side to match the configuration on the FortiGate side.

 

Step is Apply 4 : apply and Save . Now it is be will be possible to connect successfully .

 

option 2 :

 

Change the Minimum and Maximum Protocol supported on the FortiGate.

 

FGT_A # config vpn ssl setting

FGT_A (settings) # set ssl-min-proto-ver ?

tls1 – 0     TLS version 1.0 .

tls1 – 1     TLS version 1.1 .

tls1-2    TLS version 1.2.

tls1-3    TLS version 1.3.

 

FGT_A ( setting ) # set ssl – max – proto – ver ?

tls1 – 0     TLS version 1.0 .

tls1 – 1     TLS version 1.1 .

tls1-2    TLS version 1.2.

tls1-3    TLS version 1.3.

 

After making the required changes, the user should be able to connect.

 

Note: it is possible to use any option 1 or 2; the protocol version must match on FortiGate and the Client Machine.