Hello!
Happy OPNsense user here for a few years, trying to consolidate my homelab.
Question: Is there a way to select the TLS version for the Nginx server?
Background: Recently moved from a standalone Nginx reverse proxy to running the plugin in OPNsense. Works great except for a few older devices (an LG smart TV and Android devices) not working anymore. The problem I've concluded is that they don't accept TLSv1.3, only TLSv1.2.
I can't find a setting in the GUI?
I then tried setting it in /usr/local/etc/nginx/nginx.conf:
...
ssl_protocols TLSv1.3 TLSv1.2;
...
and it works, until you reboot after which it is restored to just TLSv1.3 again.
Maybe adjusting something in /usr/local/opnsense/service/templates/OPNsense/Nginx?
Can't wrap my head around it all in there and not sure if that would be persistent across system/plugin updates.
For modern devices and browsers it is not a problem but it means forcing a lot of devices into obsolescence a bit too early in my opinion. Are there any options here or will I have to go back to my old setup if I don't want to fight against the system?
Versions:
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
os-nginx 1.32.2
Also using the LetsEncrypt functionality.
Thanks in advance for any suggestions!
Hi!
It's the "TLS Protocols" select in the Server config with 'advanced mode' enabled.
??? :o ;D
Thank you! I had totally missed that one! Had been looking around several times but missed it, went reading old threads for similar questions that suggested TLS settings were not user/GUI adjustable.
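An added example, not part of the thread and not OPNsense or os-nginx code: a small client-side check that offers exactly one TLS version per connection, the way a TLSv1.2-only device does, so the "TLS Protocols" setting can be confirmed after a reboot or plugin update. The host name `proxy.example.test` is a placeholder and the function names are this example's own.

```python
import socket
import ssl


def pinned_context(version):
    """Client context that offers exactly one TLS version, like a legacy device."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, timeout=5.0):
    """Return (negotiated_version, None) on success or (None, error_text) on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            ctx = pinned_context(version)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), None
    except (ssl.SSLError, OSError) as exc:
        # Covers handshake alerts, certificate errors, refused or timed-out connections.
        return None, f"{type(exc).__name__}: {exc}"


def report(host, port=443):
    """Probe TLS 1.2 and TLS 1.3 separately and collect one result per version."""
    versions = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}
    return {name: probe(host, port, v) for name, v in versions.items()}


if __name__ == "__main__":
    # Placeholder name (assumption): substitute a server name the proxy serves.
    for name, (negotiated, error) in report("proxy.example.test").items():
        print(name, "accepted" if negotiated else f"failed ({error})")
```

Read the error text before concluding a version is disabled: a certificate or name mismatch also shows up as a failure, while a rejected protocol version typically appears as a handshake or protocol-version alert.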