Beta Branch more OPENSSL_TLSONETHREE TLSv1.3 Nginx ssl_protocols control

Discussion in 'Centmin Mod Github Commits' started by eva2000, May 10, 2018.

    more OPENSSL_TLSONETHREE TLSv1.3 Nginx ssl_protocols control

    - Persistent config file /etc/centminmod/custom_config.inc variable OPENSSL_TLSONETHREE https://community.centminmod.com/posts/63238/ which controls whether OpenSSL 1.1.1 installed Nginx enables and supports TLSv1.3 or not, OPENSSL_TLSONETHREE='y' enabled or OPENSSL_TLSONETHREE='n' disabled.
    - Now added redetect_tlsonethree function which runs each time centmin.sh menu is run to check whether OPENSSL_TLSONETHREE='y' enabled or OPENSSL_TLSONETHREE='n' disabled is set and automatically adjusts the include file /usr/local/nginx/conf/ssl_include.conf which is used in every auto generated Nginx vhost site that uses HTTPS via centmin.sh menu option 2, 22 or nv commands and changes whether ssl_protocols directive includes or excludes TLSv1.3 protocol support for Nginx HTTPS when Nginx is compiled against OpenSSL 1.1.1. So OPENSSL_TLSONETHREE variable now controls whether OpenSSL 1.1.1 is built with TLSv1.3 support and whether Nginx ssl_protocols directive includes and enables TLSv1.3 protocol support.
    - So if you have issues with Nginx + OpenSSL 1.1.1 TLSv1.3 for your HTTPS sites, you can set OPENSSL_TLSONETHREE='n' in persistent config file /etc/centminmod/custom_config.inc to disable TLSv1.3 and minimally at Nginx level, re-run centmin.sh and exit centmin.sh or run centmin.sh menu option 4 and recompile Nginx and OpenSSL 1.1.1 environment to disable TLSv1.3 at OpenSSL 1.1.1 level.


    Continue reading...

    123.09beta01 branch
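
The toggle described in the post above, sketched as an added example: this is not Centmin Mod's code and not its redetect_tlsonethree function. The function names `read_tls13_setting` and `sync_ssl_protocols` are hypothetical, and leaving the include file untouched when the variable is unset is an assumption.

```shell
#!/bin/bash
# Added illustration only; function names are hypothetical and this is not
# Centmin Mod's redetect_tlsonethree. Paths are arguments so it can be run
# against copies of custom_config.inc and ssl_include.conf.

# Print y or n from the last OPENSSL_TLSONETHREE assignment, nothing if unset.
read_tls13_setting() {
  local cfg="$1"
  [ -f "$cfg" ] || return 0
  sed -n "s/^[[:space:]]*OPENSSL_TLSONETHREE=[\"']\{0,1\}\([yn]\)[\"']\{0,1\}[[:space:]]*\$/\1/p" \
    "$cfg" | tail -n 1
}

# Add or remove TLSv1.3 on each active ssl_protocols line of the include file.
sync_ssl_protocols() {
  local cfg="$1" inc="$2" want tmp
  want=$(read_tls13_setting "$cfg")
  [ -n "$want" ] || return 0   # assumption: unset means leave the file alone
  tmp=$(mktemp) || return 1
  awk -v want="$want" '
    /^[ \t]*ssl_protocols[ \t]/ {
      line = $0
      if (want == "y" && line !~ /TLSv1\.3/) sub(/[ \t]*;/, " TLSv1.3;", line)
      if (want == "n") gsub(/[ \t]+TLSv1\.3/, "", line)
      # Never emit an empty ssl_protocols directive (TLSv1.3-only line).
      if (line !~ /ssl_protocols[ \t]*;/) $0 = line
    }
    { print }
  ' "$inc" > "$tmp" || { rm -f "$tmp"; return 1; }
  # Rewrite in place only when the content changed, keeping owner and mode.
  cmp -s "$tmp" "$inc" || cat "$tmp" > "$inc"
  rm -f "$tmp"
}
```

After the include file changes, `nginx -t` validates the configuration before Nginx is reloaded.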