Discover Centmin Mod today
Register Now

Beta Branch re-enable TLS 1.0 protocol by default

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 29, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    40,187
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    7:00 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    re-enable TLS 1.0 protocol by default

    Previous commit set new variable DISABLE_TLSONEZERO_PROTOCOL='y' by default to disable TLS 1.0. While more secure for sites and your visitors, it limits older web browser clients from accessing your HTTPS sites so renable it by default setting DISABLE_TLSONEZERO_PROTOCOL='n'. This allows end users to decide for themselves if they want to disable TLS 1.0 protocol support by setting in persistent config file /etc/centminmod/custom_config.inc the variable DISABLE_TLSONEZERO_PROTOCOL='y' and re-run centmin.sh once and exit to apply the change.

    Continue reading...

    123.09beta01 branch

     
  2. bruno

    bruno Member

    73
    6
    8
    Oct 14, 2016
    Ratings:
    +12
    Local Time:
    10:00 PM
    Can you please explain how to disable tls 1.0 on beta branch? I tried to add that line to the custom config file but after running centmin and exiting via option 24, the system file still says tls 1.0

    Thanks!
     
  3. eva2000

    eva2000 Administrator Staff Member

    40,187
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    7:00 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    You found a 123.09beta01 bug in inc/cpcheck.inc routine for this. It will be fixed in next 15 minutes, so run cmupdate command to check for inc/cpcheck.inc update before re-running centmin.sh

    i.e.
    Code (Text):
    cmupdate
    
    Saved working directory and index state WIP on 123.09beta01: c87da13 update tools/auditd.sh
    HEAD is now at c87da13 update tools/auditd.sh
    remote: Enumerating objects: 15, done.
    remote: Counting objects: 100% (15/15), done.
    remote: Compressing objects: 100% (2/2), done.
    remote: Total 9 (delta 7), reused 9 (delta 7), pack-reused 0
    Unpacking objects: 100% (9/9), done.
    From https://github.com/centminmod/centminmod
       c87da13..341d7d9  123.09beta01 -> origin/123.09beta01
    Updating c87da13..341d7d9
    Fast-forward
     config/nginx/nginx.conf | 84 ++++++++++++++++++++++++++++++++++++++++++------------------------------------------
     inc/cpcheck.inc         |  8 ++++++--
     2 files changed, 48 insertions(+), 44 deletions(-)
    
     
  4. bruno

    bruno Member

    73
    6
    8
    Oct 14, 2016
    Ratings:
    +12
    Local Time:
    10:00 PM
  5. eva2000

    eva2000 Administrator Staff Member

    40,187
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    7:00 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    need to restart nginx for it to take effect :)
     
  6. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    12:00 AM
    Can we disable 1.1 also?
     
  7. bruno

    bruno Member

    73
    6
    8
    Oct 14, 2016
    Ratings:
    +12
    Local Time:
    10:00 PM
    Worked perfectly cheers!
     
..