[SAC] [OSGeo] #2644: Disable TLS 1.0 on osgeo3, osgeo4, osgeo6, osgeo7
OSGeo
trac_osgeo at osgeo.org
Tue Sep 21 13:01:50 PDT 2021
#2644: Disable TLS 1.0 on osgeo3, osgeo4, osgeo6, osgeo7
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2021-II
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):
* status: new => closed
* resolution: => fixed
Comment:
osgeo6 the https port doesn't allow TLSV1 but the SMTP ports do, so had to
change
/etc/postfix/main.cf
had to add these lines
{{{
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1
}}}
confirmed with
{{{
nmap --script ssl-enum-ciphers -p 587 osgeo6.osgeo.osuosl.org
nmap --script ssl-enum-ciphers -p 25 osgeo6.osgeo.osuosl.org
nmap --script ssl-enum-ciphers -p 465 osgeo6.osgeo.osuosl.org #didn't
come back with ciphers, just said it was up so don't know
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2644#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list