nginx TLS >=1.2

Started by siga75, October 07, 2019, 03:14:59 PM

October 07, 2019, 03:14:59 PM Last Edit: October 07, 2019, 06:13:26 PM by siga75
Is there a way to force a minimum allowed TLS version?

EDIT: I saw there's the choice on the upstream, but I didn't see it in the frontend server
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

The frontends are hardcoded to 1.1-1.3 (1.1 is only for compatibility) but 1.3 is currently not available because the TLS library is outdated.
IMHO this is a sane setting, or do you want to get rid of 1.1 (which will probably cause problems with, for example, older Java versions, older Android devices, ...)?
It may be available with 20.1 but that's not under my control.

See https://github.com/opnsense/plugins/issues/790 for the ticket tracking the issue for HAProxy and nginx (we both suffer the same issue).

Thanks Fabian, I am fine with 1.1, I am glad 1.0 is not supported by default :)
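One way to check a generated nginx configuration for protocol versions below a chosen minimum, on both the frontend (`ssl_protocols`) and the upstream (`proxy_ssl_protocols`) side discussed in this thread. This is an added example, not code from the thread or from the OPNsense plugin; the sample configuration is constructed, and the comment stripping assumes no `#` appears inside quoted values.

```python
import re

# Protocol names accepted by nginx's ssl_protocols directive, oldest first.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Matches the frontend directive and its upstream (proxy_) counterpart.
DIRECTIVE = re.compile(r"\b((?:proxy_)?ssl_protocols)\s+([^;]+);")


def weak_protocols(conf, minimum="TLSv1.2"):
    """Return (line, directive, [protocols below minimum]) per offending directive."""
    floor = ORDER.index(minimum)
    # Drop comments but keep newlines so line numbers stay accurate.
    text = re.sub(r"#[^\n]*", "", conf)
    findings = []
    for m in DIRECTIVE.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        weak = [p for p in m.group(2).split()
                if p in ORDER and ORDER.index(p) < floor]
        if weak:
            findings.append((line_no, m.group(1), weak))
    return findings


# Constructed sample: the first server uses the 1.1-1.3 range described above.
SAMPLE = """\
http {
    server {
        listen 443 ssl;
        # ssl_protocols TLSv1;   (commented out, must be ignored)
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    }
    server {
        listen 8443 ssl;
        ssl_protocols TLSv1.2 TLSv1.3;
        location / {
            proxy_pass https://backend;
            proxy_ssl_protocols TLSv1 TLSv1.2;
        }
    }
}
"""

if __name__ == "__main__":
    for line_no, directive, weak in weak_protocols(SAMPLE):
        print(f"line {line_no}: {directive} allows {', '.join(weak)}")
```
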