DirectAdmin SSL cipher lists for servers not updated

rotame (Verified User; joined Jul 4, 2019; 52 messages)

Hi,

I see this https://help.directadmin.com/item.php?id=571
and I cross-checked it with mine, and the configs are different.
Example:
Dovecot was to v1
the same for NGINX, exim etc.

During a DA update, don't the configs get updated too?

What must I do to disable old TLS / ciphers?

I have auto update enabled, and before posting this question, in order to be sure, I made a manual update through the custombuild script.

cd /usr/local/directadmin/custombuild
./build update

Checked which updates are available using the command:

./build versions

And finally performed all pending updates using the command:

./build update_versions

All configs (NGINX, DOVECOT, APACHE, EXIM) remain the same as before the upgrade.

Can you explain why?
 

ditto (Verified User; joined Apr 27, 2009; 2,513 messages)

Please see https://forum.directadmin.com/showthread.php?t=59202&p=304307#post304307 - new options have now been added to use newer ciphers and also disable TLS 1.1. In /custombuild/options.conf you should have ssl_configuration=; the default is intermediate, but you can select between these:

Code:
ssl_configuration=modern
ssl_configuration=intermediate
ssl_configuration=old

For example, if you select intermediate it will also disable TLS 1.1. Custombuild uses these ciphers for the above configurations: https://ssl-config.mozilla.org - after changing ssl_configuration= just run ./build rewrite_confs

Edit: The above setting will currently only change ciphers for Apache, OpenLiteSpeed, LiteSpeed, Nginx, ProFTPd and Pure-FTPd. So Dovecot will not be affected.
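
Since Dovecot is not covered by ssl_configuration, it helps to check each service's config after ./build rewrite_confs. The following is an added example, not part of the original posts and not CustomBuild code: it reads the active profile from options.conf and flags protocol directives that still allow TLS 1.0/1.1. The function names ssl_profile and legacy_tls are hypothetical, the sample files are constructed, and it assumes the standard directive names ssl_protocols (Nginx, older Dovecot), SSLProtocol (Apache) and ssl_min_protocol (Dovecot 2.3+).

```shell
#!/bin/sh
# Added example, not DirectAdmin/CustomBuild code. Sample configs are constructed.

# Print the ssl_configuration value set in a CustomBuild options.conf.
ssl_profile() {
    sed -n 's/^ssl_configuration=//p' "$1" | tail -n 1
}

# Print "file:line: directive" for every protocol directive that still allows
# TLS 1.0 or 1.1. Exit status 0 = none found, 1 = at least one found.
# Simplification: +/- tokens are not evaluated in order as Apache does.
legacy_tls() {
    awk '
    function allowed(p,    i, tok, pos, neg, anypos, all) {
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok == "all" || tok == "+all") all = 1
            if (tok == ("-" p) || tok == ("!" p)) neg = 1
            if (tok == p || tok == ("+" p)) pos = 1
            if (tok !~ /^[-!]/) anypos = 1
        }
        # Listed explicitly, or implied by "all" / a negation-only list.
        return pos || ((all || !anypos) && !neg)
    }
    /^[ \t]*#/ { next }
    {
        orig = $0
        gsub(/[;=]/, " ")                      # also re-splits $1..$NF
        d = tolower($1)
        hit = 0
        if (d == "ssl_min_protocol") hit = ($2 == "TLSv1" || $2 == "TLSv1.1")
        if (d == "ssl_protocols" || d == "sslprotocol") hit = (allowed("TLSv1") || allowed("TLSv1.1"))
        if (hit) { printf "%s:%d: %s\n", FILENAME, FNR, orig; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Demo on constructed files: Nginx already rewritten, Dovecot left untouched.
tmp=$(mktemp -d)
printf 'ssl_configuration=old\nssl_configuration=intermediate\n' > "$tmp/options.conf"
printf 'ssl_protocols TLSv1.2 TLSv1.3;\n' > "$tmp/nginx.conf"
printf 'ssl = yes\nssl_protocols = !SSLv3\n' > "$tmp/dovecot.conf"
echo "profile: $(ssl_profile "$tmp/options.conf")"
for f in "$tmp/nginx.conf" "$tmp/dovecot.conf"; do
    legacy_tls "$f" || echo "legacy TLS still enabled in $f"
done
rm -rf "$tmp"
```

On a real server, point legacy_tls at the actual Nginx, Apache and Dovecot config files instead of the constructed samples.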
 