Does anyone know (either on the FortiGate itself or on a workstation with FortiClient installed), how I can verify which version of TLS is being used and which cipher suite is being used to establish the VPN connection?
Test externally using this, to show certificate strength and get an idea on the various ciphers that can be used: SSL Server Test (Powered by Qualys SSL Labs)
Refer to this for adjusting them: Technical Tip: How to control the SSL version and ... - Fortinet Community
In terms of “actual” connections, you should be able to use “diag debug application sslvpn -1” to show you from the firewall which algorithms are being selected.
ssllabs is a good and quick way to test, as u/OuchItBurnsWhenIP wrote, but it’s restricted to TCP/443 only, which may be a problem if you’re running SSL-VPN on a different port.
Another option is scanning it with nmap with the --script ssl-enum-ciphers option, but that doesn’t support TLS 1.3 AFAIK.
Lastly, you can just google for and grab the first bash script for listing supported ciphers that you can find.
Bear in mind that depending on the settings for FGT & FCT, it may negotiate DTLS for the VPN transport which will currently be limited to v1.2 (roughly the same as TLS 1.2). DTLS 1.3 is still being finalised which is equivalent to TLS 1.3.
The DTLS part will often start as 1.0 and then go up to 1.2. DTLS 1.0 is actually the equivalent of TLS 1.1 though (there is no DTLS 1.1).
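A sketch of the kind of cipher-listing script mentioned in the thread, added here as an example and not taken from any of the posts: it forces one TLS version per connection with openssl s_client, so it works on any port and covers TLS 1.3. The function names are made up for this example, the host and port in the usage comment are placeholders, and it checks TLS only, not the DTLS transport.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Read `openssl s_client` output on stdin and print the negotiated cipher.
# Relies on the summary line s_client prints after the handshake, e.g.
#   New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384   (constructed sample)
# Returns 1 if no handshake completed ("Cipher is (NONE)" or no such line).
negotiated_cipher() {
  awk '/^(New|Reused), .*Cipher is / {
         sub(/.*Cipher is /, ""); sub(/[ \t\r]+$/, "")
         if ($0 != "(NONE)" && $0 != "") { print; ok = 1 }
         exit
       }
       END { exit(ok ? 0 : 1) }'
}

# Force a single protocol version, so the version is known from the flag
# and only the cipher has to be read back from the output.
# usage: probe_version HOST PORT FLAG      (FLAG is e.g. -tls1_2)
probe_version() {
  openssl s_client -connect "$1:$2" -servername "$1" "$3" \
    </dev/null 2>/dev/null | negotiated_cipher
}

# usage: report HOST PORT
report() {
  for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
    if cipher=$(probe_version "$1" "$2" "$flag"); then
      printf '%-8s accepted  %s\n' "${flag#-}" "$cipher"
    else
      printf '%-8s rejected\n' "${flag#-}"
    fi
  done
}

# Runs only when given a host and port, e.g.: ./tlsprobe.sh vpn.example.com 10443
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

A "rejected" line can also mean the local OpenSSL build refuses that protocol version itself, so confirm old versions with a client that still supports them before treating them as disabled on the gateway.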