
Master Branch more OPENSSL_TLSONETHREE TLSv1.3 Nginx ssl_protocols control

Discussion in 'Centmin Mod Github Commits' started by eva2000, May 16, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    more OPENSSL_TLSONETHREE TLSv1.3 Nginx ssl_protocols control

    - Persistent config file /etc/centminmod/custom_config.inc variable OPENSSL_TLSONETHREE https://community.centminmod.com/posts/63238/ which controls whether OpenSSL 1.1.1 installed Nginx enables and supports TLSv1.3 or not, OPENSSL_TLSONETHREE='y' enabled or OPENSSL_TLSONETHREE='n' disabled.
    - Now added redetect_tlsonethree function which runs each time centmin.sh menu is run to check whether OPENSSL_TLSONETHREE='y' enabled or OPENSSL_TLSONETHREE='n' disabled is set and automatically adjusts the include file /usr/local/nginx/conf/ssl_include.conf which is used in every auto generated Nginx vhost site that uses HTTPS via centmin.sh menu option 2, 22 or nv commands and changes whether ssl_protocols directive includes or excludes TLSv1.3 protocol support for Nginx HTTPS when Nginx is compiled against OpenSSL 1.1.1. So OPENSSL_TLSONETHREE variable now controls whether OpenSSL 1.1.1 is built with TLSv1.3 support and whether Nginx ssl_protocols directive includes and enables TLSv1.3 protocol support.
    - So if you have issues with Nginx + OpenSSL 1.1.1 TLSv1.3 for your HTTPS sites, you can set OPENSSL_TLSONETHREE='n' in persistent config file /etc/centminmod/custom_config.inc to disable TLSv1.3 and minimally at Nginx level, re-run centmin.sh and exit centmin.sh or run centmin.sh menu option 4 and recompile Nginx and OpenSSL 1.1.1 environment to disable TLSv1.3 at OpenSSL 1.1.1 level.


    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.
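
A consistency check for the behaviour described in the post, added here as an example: it is not Centmin Mod's redetect_tlsonethree function or any code from the commit. The function names are hypothetical, and it assumes the variable is assigned on a plain `OPENSSL_TLSONETHREE='y'` or `'n'` line and that the ssl_protocols directive sits on a single line.

```sh
#!/bin/sh
# Added example: does ssl_protocols agree with OPENSSL_TLSONETHREE?
# Both file paths are arguments, so the check can run against copies.

# Print the last OPENSSL_TLSONETHREE value (y or n) assigned in file $1,
# or "unset" when the file has no such assignment.
tls13_setting() {
  val=$(sed -n "s/^[[:space:]]*OPENSSL_TLSONETHREE=['\"]\{0,1\}\([yn]\)['\"]\{0,1\}.*/\1/p" "$1" | tail -n 1)
  printf '%s\n' "${val:-unset}"
}

# Succeed when an uncommented ssl_protocols directive in file $1 lists TLSv1.3.
# Text after ';' or '#' is ignored; a missing directive counts as not listed.
conf_has_tls13() {
  grep -Eq '^[[:space:]]*ssl_protocols[[:space:]][^#;]*TLSv1\.3' "$1"
}

# Return 0 when setting and directive agree, 1 on mismatch, 2 when unset.
check_tls13() {
  want=$(tls13_setting "$1")
  if conf_has_tls13 "$2"; then have=y; else have=n; fi
  case "$want:$have" in
    y:y|n:n) echo "ok: OPENSSL_TLSONETHREE='$want' matches ssl_protocols"; return 0 ;;
    unset:*) echo "unknown: OPENSSL_TLSONETHREE is not set in $1"; return 2 ;;
    *) echo "mismatch: OPENSSL_TLSONETHREE='$want', TLSv1.3 in ssl_protocols: $have"; return 1 ;;
  esac
}

# Constructed sample: TLSv1.3 switched off in the config file, but the
# include file was not regenerated and still lists it.
demo() (
  d=$(mktemp -d) || exit 1
  printf "OPENSSL_TLSONETHREE='n'\n" > "$d/custom_config.inc"
  printf 'ssl_protocols TLSv1.2 TLSv1.3;\n' > "$d/ssl_include.conf"
  rc=0
  check_tls13 "$d/custom_config.inc" "$d/ssl_include.conf" || rc=$?
  rm -rf "$d"
  exit "$rc"
)

# Two arguments: audit those files. No arguments: run the constructed sample.
if [ "$#" -eq 2 ]; then check_tls13 "$1" "$2"; else demo || true; fi
```

On a server set up as the post describes, the two arguments would be /etc/centminmod/custom_config.inc and /usr/local/nginx/conf/ssl_include.conf.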