Control Web Panel
WebPanel => SSL => Topic started by: fysioski on September 13, 2021, 02:57:55 PM
-
Hello, how can we disable TLS v1.0 and v1.1 in OpenSSL? We tried everything, but then OpenSSL breaks everything. We are able to disable TLS on Apache and NGINX but not on OpenSSL. Any suggestions, please?
Thanks, Ron
-
Each service (Apache, Nginx, Postfix, Dovecot...) you use can be configured to use multiple TLS versions, so you simply need to modify the services and not OpenSSL.
-
> Hello, how can we disable TLS v1.0 and v1.1 in OpenSSL? We tried everything, but then OpenSSL breaks everything. We are able to disable TLS on Apache and NGINX but not on OpenSSL. Any suggestions, please?
> Thanks, Ron

Are you by any chance referring to "OpenSSH" instead of "OpenSSL"...?!
If so, then your best bet is to follow what the <https://cipherlist.eu> website says, as a starting point.
Change your /etc/ssh/sshd_config file as follows:

```
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
KexAlgorithms curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
```
...and restart your OpenSSH server (as root user):

```
# systemctl restart sshd
```
Regards,
Netino
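
The following is an added example, not part of the post above: a small Python check that compares the global section of an sshd_config against the algorithm lists quoted in the thread. The function names and the sample config are constructed for illustration; it flags algorithms outside the lists, lists left at sshd defaults, and `+`/`-`/`^` relative lists whose result depends on those defaults.

```python
# Added example: allowlists copied from the sshd_config lines quoted in the thread.
ALLOWED = {
    "hostkeyalgorithms": "ssh-ed25519,rsa-sha2-512,rsa-sha2-256",
    "kexalgorithms": "curve25519-sha256@libssh.org,curve25519-sha256,"
                     "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,"
                     "diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256",
    "ciphers": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,"
               "aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
    "macs": "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com",
}

def parse_global(text):
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # per-user/host overrides are out of scope here
            break
        if key in ALLOWED and len(parts) == 2:
            seen.setdefault(key, parts[1])  # sshd uses the first value it reads
    return seen

def audit(text):
    """Return sorted findings; an empty list means every list matches the thread's."""
    seen, findings = parse_global(text), []
    for key, allowed in ALLOWED.items():
        value = seen.get(key)
        if value is None:
            findings.append(f"{key}: not set, sshd defaults apply")
        elif value[0] in "+-^":             # modifies the defaults instead of replacing them
            findings.append(f"{key}: relative list, result depends on sshd defaults")
        else:
            findings += [f"{key}: {a} not in allowlist"
                         for a in value.split(",") if a not in allowed.split(",")]
    return sorted(findings)

# Constructed sample config, not taken from a real host.
SAMPLE = """\
Ciphers aes256-gcm@openssh.com,aes128-cbc
ciphers aes256-ctr
MACs=hmac-sha2-512-etm@openssh.com,hmac-md5
KexAlgorithms +diffie-hellman-group1-sha1
Match User backup
    HostKeyAlgorithms ssh-ed25519
"""
print("\n".join(audit(SAMPLE)))
```

In the sample, the second `ciphers` line is ignored because sshd keeps the first value it reads for a keyword, so the weaker first list is the one reported.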