Skip to content

Commit b64eaf8

Browse files
author
Till Brehm
committed
Merge branch 'disable-old-tls' into 'stable-3.1'
Disable TLSv1 and TLSv1.1 See merge request ispconfig/ispconfig3!997
2 parents 8f5bb8d + 8183c38 commit b64eaf8

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

server/conf/nginx_vhost.conf.master

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ server {
1818
listen <tmpl_var name='ip_address'>:<tmpl_var name='proxy_protocol_https'> ssl proxy_protocol;
1919
</tmpl_if>
2020
</tmpl_if>
21-
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
21+
ssl_protocols TLSv1.2;
2222
# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
2323
# ssl_prefer_server_ciphers on;
2424
<tmpl_if name='ipv6_enabled'>

server/conf/vhost.conf.master

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@
5252
<tmpl_if name='ssl_enabled'>
5353
<tmpl_if name='enable_http2' op='==' value='y'>
5454
Protocols h2 http/1.1
55-
SSLProtocol All -SSLv2 -SSLv3
55+
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
5656
SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
5757
</tmpl_if>
5858
</tmpl_if>
@@ -79,7 +79,7 @@
7979
<IfModule mod_ssl.c>
8080
<tmpl_if name='ssl_enabled'>
8181
SSLEngine on
82-
SSLProtocol All -SSLv2 -SSLv3
82+
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
8383
# SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
8484
SSLHonorCipherOrder on
8585
# <IfModule mod_headers.c>

0 commit comments

Comments
 (0)