Welcome! Log In Create A New Profile

Advanced

Disable TLSv1.1

Posted by tequila 
Disable TLSv1.1
August 08, 2020 07:00AM
Hi all,

I tried to disable TLSv1.1 but testing still alive refer openssl command. Have multiple virtual host configuration but confirmed the ssl_protocols just TLSv1.2 & TLSv1.3. Can anyone help please?

# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
# nginx -v
nginx version: nginx/1.16.1
# openssl version
OpenSSL 1.1.1g 21 Apr 2020


ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;


-----------------------
openssl s_client -connect domain.com:443 -tls1
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1


openssl s_client -connect domain.com:443 -tls1_1
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Re: Disable TLSv1.1
August 10, 2020 12:13AM
Problem solved and verified the configuration "ssl_protocols TLSv1.2 TLSv1.3;" is working fine. Because has nodejs effective all of protocols.

Enable only TLS 1.2 in Node JS
https://medium.com/@jawadahmadd/enable-only-tls-1-2-in-node-js-118687fb3746



Edited 1 time(s). Last edit at 08/10/2020 12:14AM by tequila.
Re: Disable TLSv1.1
August 10, 2020 12:52PM
POC to disable TLSv1.1 but the problem still occurred. That means not related nodejs.
Re: Disable TLSv1.1
August 11, 2020 11:11AM
Interesting... current nginx has multiple virtual hosts. Only one virtual host can't to disable TLSv1.1. Two virtual hosts is pointing to the save of home location, but using different server name. I tried to copy the configuration file and modified. Unfortunately, still alive TLSv1.1.

Can anyone help please?
Re: Disable TLSv1.1
August 12, 2020 12:29AM
Finally, problem solved because the OS on AliCloud and enabled WAF service. Through Internal IP is disabled, WAF is enabled.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 77
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready