[SAC] [OSGeo] #2644: Disable TLS 1.0 on osgeo3, osgeo4, osgeo6, osgeo7
OSGeo
trac_osgeo at osgeo.org
Tue Sep 21 12:23:59 PDT 2021
#2644: Disable TLS 1.0 on osgeo3, osgeo4, osgeo6, osgeo7
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2021-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------
Comment (by robe):
Okay I had turned it off in /etc/nginx/nginx.conf
Issue was letsencrypt was overriding the setting in nginx.conf. So had to
turn it off here too: nano /etc/letsencrypt/options-ssl-nginx.conf
{{{
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}}}
After that change I reran:
{{{
systemctl restart nginx
}}}
and then testing with nmap again
{{{
nmap --script ssl-enum-ciphers -p 443 osgeo4.osgeo.osuosl.org
}}}
Shows no more TLSv1. Though it doesn't show the TLSv1.3 I added either
but oh well.
I've only done for osgeo4. I'll repeat for osgeo6, osgeo3, and osgeo7
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2644#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list