
Beta Branch disable TLS 1.0 by default

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 29, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    disable TLS 1.0 by default

    For HTTPS based sites, disable TLS 1.0 as the industry is deprecating it in favour of the more secure TLS 1.1, TLS 1.2 and soon TLS 1.3 for better security and performance. This is controlled by the new variable DISABLE_TLSONEZERO_PROTOCOL='y'. You can re-enable TLS 1.0 if you require it via the persistent config file /etc/centminmod/custom_config.inc: set DISABLE_TLSONEZERO_PROTOCOL='y', re-run centmin.sh once and exit from the centmin.sh menu to apply the change. You can verify whether TLS 1.0 is enabled or disabled by checking /usr/local/nginx/conf/ssl_include.conf to see if TLSv1 is present. If TLSv1 is present, then TLS 1.0 is enabled. By default only TLS 1.1 (TLSv1.1) and TLS 1.2 (TLSv1.2) are now enabled, and TLS 1.3 (TLSv1.3) if OpenSSL 1.1.1 is detected. You can also verify your site's supported TLS protocols via the SSLLabs test at https://www.ssllabs.com/ssltest/index.html



    123.09beta01 branch
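
An added example, not part of the original post or Centmin Mod's own code: a shell check for the verification step described in the commit message. It assumes the include file sets protocols through nginx's standard `ssl_protocols` directive; the function names and sample configs are constructed for illustration. A plain `grep TLSv1` also matches TLSv1.1 and commented-out lines, so the check compares whole tokens on active directives only.

```shell
#!/bin/bash
# Added example: whole-token check for TLS 1.0 in an nginx config fragment.
# Assumption: protocols are set with the standard ssl_protocols directive.

# Print each protocol token from active (uncommented) ssl_protocols directives.
ssl_protocols_in() {
    sed -e 's/#.*$//' "$1" | awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "ssl_protocols") { active = 1; continue }
            if (!active) continue
            tok = $i
            ended = sub(/;.*$/, "", tok)   # directive ends at the semicolon
            if (tok != "") print tok
            if (ended) active = 0
        }
    }' | sort -u
}

# Succeeds only if the exact token TLSv1 is listed (TLSv1.1 does not count).
tls10_enabled() {
    ssl_protocols_in "$1" | grep -qx 'TLSv1'
}

# Print "enabled", "disabled" or "unreadable" for the given file.
tls10_status() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 2; fi
    if tls10_enabled "$1"; then echo "enabled"; else echo "disabled"; fi
}

# Constructed sample configs (not copied from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/tls10_off.conf" <<'EOF'
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
EOF
cat > "$demo_dir/tls10_on.conf" <<'EOF'
ssl_protocols TLSv1 TLSv1.1
              TLSv1.2;   # multi-line directive
EOF

for f in "$demo_dir"/*.conf; do
    printf '%s: TLS 1.0 %s\n' "$(basename "$f")" "$(tls10_status "$f")"
done
# On a Centmin Mod server: tls10_status /usr/local/nginx/conf/ssl_include.conf
```

The file check only shows what nginx is configured to offer; the SSLLabs test mentioned in the post confirms what the running server actually negotiates after a reload.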
     