Execute the Nginx TLS 1.3 checks only if SSL has been enabled

ms217 · ms217 · commit 5f4b3e3cbc85 · 2024-05-13T21:50:41.000+02:00
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
@@ -1613,14 +1613,15 @@ function update($event_name, $data) {
 		$vhost_data['logging'] = $web_config['logging'];
 
 		// Provide TLS 1.3 support if Nginx version is >= 1.13.0 and when it was linked against OpenSSL(>=1.1.1) at build time and when it was linked against OpenSSL(>=1.1.1) at runtime.
-		$nginx_openssl_build_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'built with OpenSSL\' | sed \'s/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
-		$nginx_openssl_running_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'running with OpenSSL\' | sed \'s/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
-		if(version_compare($app->system->getnginxversion(true), '1.13.0', '>=')
-			&& version_compare($nginx_openssl_build_ver, '1.1.1', '>=')
-			&& (empty($nginx_openssl_running_ver) || version_compare($nginx_openssl_running_ver, '1.1.1', '>='))
-			&& $data['new']['ssl'] == 'y') {
-			$app->log('Enable TLS 1.3 for: '.$domain, LOGLEVEL_DEBUG);
-			$vhost_data['tls13_supported'] = "y";
+		if($data['new']['ssl'] == 'y') {
+			$nginx_openssl_build_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'built with OpenSSL\' | sed \'s/.*built\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
+			$nginx_openssl_running_ver = $app->system->exec_safe('nginx -V 2>&1 | grep \'running with OpenSSL\' | sed \'s/.*running\([a-zA-Z ]*\)OpenSSL \([0-9.]*\).*/\2/\'');
+			if(version_compare($app->system->getnginxversion(true), '1.13.0', '>=')
+				&& version_compare($nginx_openssl_build_ver, '1.1.1', '>=')
+				&& (empty($nginx_openssl_running_ver) || version_compare($nginx_openssl_running_ver, '1.1.1', '>='))) {
+					$app->log('Enable TLS 1.3 for: '.$domain, LOGLEVEL_DEBUG);
+					$vhost_data['tls13_supported'] = "y";
+			}
 		}
 
 
