Author Topic: Disable TLSv1.0 and v1.1 in openssl  (Read 5827 times)

Disable TLSv1.0 and v1.1 in openssl
« on: September 13, 2021, 02:57:55 PM »
Hello, how can we disable TLS v1.0 and v1.1 in OpenSSL? We tried everything, but then OpenSSL breaks everything. We are able to disable TLS on Apache and NGINX but not on OpenSSL. Any suggestions, please?

Thanks, Ron

Re: Disable TLSv1.0 and v1.1 in openssl
« Reply #1 on: September 14, 2021, 05:34:57 AM »
Each service you use (Apache, NGINX, Postfix, Dovecot...) can be configured to use multiple TLS versions, so you simply need to modify the services and not OpenSSL.

Re: Disable TLSv1.0 and v1.1 in openssl
« Reply #2 on: September 19, 2021, 04:39:29 AM »
Quote:
Hello, how can we disable TLS v1.0 and v1.1 in OpenSSL? We tried everything, but then OpenSSL breaks everything. We are able to disable TLS on Apache and NGINX but not on OpenSSL. Any suggestions, please?

Thanks, Ron

Are you by any chance referring to "OpenSSH" instead of "OpenSSL"...?!
If so, then your best bet is to follow what the <https://cipherlist.eu> website says, as a starting point.

Change your /etc/ssh/sshd_config file as follows:

Code:
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
KexAlgorithms curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

...and restart your OpenSSH server (as root user):
Code:
# systemctl restart sshd

Regards,
Netino
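
An added example, not part of the post above and not OpenSSH code: a small audit that compares the global section of an sshd_config against the algorithm lists given in that reply. The names `parse_global`, `audit` and `SAMPLE` are hypothetical, the sample input is constructed, and Match blocks are deliberately left out of scope.

```python
import re

ALLOWED = {  # allowlists copied from the sshd_config lines in the reply above
    "hostkeyalgorithms": "ssh-ed25519,rsa-sha2-512,rsa-sha2-256",
    "kexalgorithms": "curve25519-sha256@libssh.org,curve25519-sha256,"
                     "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,"
                     "diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256",
    "ciphers": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,"
               "aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
    "macs": "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
            "umac-128-etm@openssh.com",
}

def parse_global(text):
    """Map lower-cased keyword -> value for the global section (hypothetical helper)."""
    seen = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9]+)[\s=]+(\S.*?)\s*$", raw)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key = m.group(1).lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # Match blocks are conditional; only the global scope is audited
        seen.setdefault(key, m.group(2))  # sshd keeps the first value it obtains
    return seen

def audit(text):
    """Return {keyword: problem} for each algorithm list that departs from ALLOWED."""
    seen, problems = parse_global(text), {}
    for key, allowed in ALLOWED.items():
        value = seen.get(key)
        if value is None:
            problems[key] = "unset: build defaults apply"
        elif value[0] in "+-^":
            problems[key] = "relative list: modifies build defaults"
        elif extra := [a for a in value.split(",") if a not in allowed.split(",")]:
            problems[key] = "not in allowlist: " + ",".join(extra)
    return problems

# Constructed sample input, not taken from a real host.
SAMPLE = """\
hostkeyalgorithms ssh-ed25519,ssh-rsa
KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha256
Ciphers +aes256-cbc
Ciphers aes256-ctr
Match User backup
    MACs hmac-md5
"""

print(audit(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration with defaults filled in, and that output can be passed to `audit()` in place of the file contents.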