[SOLVED] Select TLS version in NGINX

Started by Wrong user, February 24, 2024, 06:18:02 PM

February 24, 2024, 06:18:02 PM Last Edit: February 24, 2024, 08:10:10 PM by Wrong user
Hello!

Happy OPNsense user here for a few years, trying to consolidate my homelab.

Question: Is there a way to select the TLS version for the Nginx server?

Background: Recently moved from a standalone Nginx reverse proxy to running the plugin in OPNsense. Works great except for a few older devices (an LG smart TV and Android devices) not working anymore. The problem I've concluded is that they don't accept TLSv1.3, only TLSv1.2.

I can't find a setting in the GUI?

I then tried setting it in /usr/local/etc/nginx/nginx.conf:
...
ssl_protocols TLSv1.3 TLSv1.2;
...
and it works, until you reboot after which it is restored to just TLSv1.3 again.

Maybe adjusting something in /usr/local/opnsense/service/templates/OPNsense/Nginx?
Can't wrap my head around it all in there and not sure if that would be persistent across system/plugin updates.

For modern devices and browsers it is not a problem, but it means forcing a lot of devices into obsolescence a bit too early in my opinion. Are there any options here or will I have to go back to my old setup if I don't want to fight against the system?

Versions:
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13

os-nginx 1.32.2
Also using the LetsEncrypt functionality.

Thanks in advance for any suggestions!

Hi!
It's the "TLS Protocols" select in the Server config, with 'advanced mode' enabled.

 ??? :o ;D

Thank you! I had totally missed that one! Had been looking around several times but missed it, went reading old threads for similar questions that suggested TLS settings were not user/GUI adjustable.
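Added example, not part of the thread and not the plugin's own code: a small check that reads the text of a rendered nginx.conf and reports, per server block, whether the `ssl_protocols` set through the GUI still includes the versions you need after a reboot, and whether anything older than TLSv1.2 has crept in. The sample config, host names and function names are constructed for illustration.

```python
import re

# Constructed sample of a rendered nginx.conf (not from the thread).
SAMPLE_CONF = """
http {
    server {
        server_name tv.example.test;
        ssl_protocols TLSv1.3 TLSv1.2;
    }
    server {
        server_name new.example.test;
        # ssl_protocols TLSv1.2 TLSv1.3;  (commented out: ignored)
        ssl_protocols
            TLSv1.3;
    }
}
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def server_protocols(conf_text):
    """Return [server_name, protocols-or-None] for each server block."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # assumes no '#' inside quoted values
    stack, words, servers = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append(["(unnamed)", None])
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and len(words) > 1 and stack[-1:] == ["server"]:
            if words[0] == "server_name":
                servers[-1][0] = words[1]
            elif words[0] == "ssl_protocols":
                servers[-1][1] = words[1:]
        if tok in ("{", "}", ";"):
            words = []          # a delimiter ends the current directive
        else:
            words.append(tok)
    return servers

def audit(conf_text, required=("TLSv1.2", "TLSv1.3")):
    """Return (server_name, problem) pairs; blocks that inherit the setting are skipped."""
    findings = []
    for name, protos in server_protocols(conf_text):
        missing = [p for p in required if p not in protos] if protos else []
        legacy = sorted(DEPRECATED.intersection(protos or []))
        findings += [(name, f"{kind} {' '.join(v)}")
                     for kind, v in (("missing", missing), ("deprecated", legacy)) if v]
    return findings
```

To use it on a real system, pass the contents of the rendered file (the thread mentions /usr/local/etc/nginx/nginx.conf) to `audit()`; an empty list means every server block that sets `ssl_protocols` has the required versions and nothing deprecated.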