Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
nginx TLS >=1.2
« previous
next »
Print
Pages: [
1
]
Author
Topic: nginx TLS >=1.2 (Read 1739 times)
siga75
Full Member
Posts: 187
Karma: 11
nginx TLS >=1.2
«
on:
October 07, 2019, 03:14:59 pm »
is there a ways to force a minimum allowed TLS version?
EDIT: I saw there's the choise on the upstream, but I didn't see in the frontend server
«
Last Edit: October 07, 2019, 06:13:26 pm by siga75
»
Logged
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: nginx TLS >=1.2
«
Reply #1 on:
October 07, 2019, 06:45:40 pm »
The frontends are hardcoded to 1.1-1.3 (1.1 is only for compatibility) but 1.3 is currently not available because the TLS library is outdated.
Imho this is a sane setting or do you want to get rid of 1.1 (which will probably cause problems with for example older Java versions, older Android devices, ...)?
It may be available with 20.1 but that's not under my control.
See
https://github.com/opnsense/plugins/issues/790
for the ticket tracking the issue for HAProxy and nginx (we both suffer the same issue).
Logged
siga75
Full Member
Posts: 187
Karma: 11
Re: nginx TLS >=1.2
«
Reply #2 on:
October 08, 2019, 07:53:27 am »
thanks Fabian, I am fine with 1.1, I am glad 1.0 is not supported by default
Logged
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
nginx TLS >=1.2
