Disable TLS 1.1 as default

It doesn't remove custom httpd-ssl.conf, if it's set up in /usr/local/directadmin/custombuild/custom/ap2/conf/extra/ (official method).

Regarding TLS v1.1 - maybe /usr/local/directadmin/custombuild/custom/ap2/conf/ is the reason, if there is something inside? :)
 
I removed "httpd-ssl.conf" from that folder. There is nothing else in that folder.
Any idea how I renew the config, so it will pick up your intermediate setting? I'm running nginx_apache, if that helps.
 
What's the output of:
Code:
grep 'SSLProtocol' /etc/httpd/conf/extra/httpd-ssl.conf
 
Sorry for the late response.
The output is: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

Update: Now it is only providing TLS 1.2. Might have been cache, but it's working now. Thank you.

Next step will be TLS 1.3, but will have to migrate to CentOS 8 for the newer OpenSSL 1.1.1
 
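Added example (not part of the original posts and not DirectAdmin's own tooling): a small shell helper that evaluates an `SSLProtocol` line such as the grep output above and lists the protocol versions it leaves enabled. It assumes mod_ssl's left-to-right evaluation, where `+`/`-` add or remove a protocol and a bare name replaces the set, and that `all` covers SSLv3 through TLSv1.2 on an OpenSSL 1.0.x build; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: work out which protocol versions an Apache mod_ssl
# "SSLProtocol" line leaves enabled, then flag the legacy ones.

# What "all" expands to. Assumption: an OpenSSL 1.0.x build (no TLSv1.3);
# pass a second argument to describe a newer build.
DEFAULT_ALL="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# effective_protocols "<SSLProtocol line>" ["<protocols covered by all>"]
effective_protocols() (
    all=${2:-$DEFAULT_ALL}
    enabled=""
    set -f                                  # split on whitespace, no globbing
    for tok in $1; do
        [ "$tok" = "SSLProtocol" ] && continue
        name=${tok#[+-]}
        if [ "$name" = "all" ]; then name=$all; fi
        case $tok in
            -*) kept=""                     # "-X" removes X from the set
                for p in $enabled; do
                    case " $name " in *" $p "*) ;; *) kept="$kept $p" ;; esac
                done
                enabled=$kept ;;
            +*) enabled="$enabled $name" ;; # "+X" adds X
            *)  enabled=$name ;;            # bare name replaces the set
        esac
    done
    out=""
    for p in SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; do
        case " $enabled " in *" $p "*) out="$out $p" ;; esac
    done
    echo "${out# }"
)

# legacy_protocols: the enabled versions older than TLS 1.2, if any.
legacy_protocols() (
    out=""
    for p in $(effective_protocols "$1" "${2:-}"); do
        case $p in SSLv3|TLSv1|TLSv1.1) out="$out $p" ;; esac
    done
    echo "${out# }"
)

# Constructed sample lines; the first is the grep output quoted in the thread.
for line in "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" "SSLProtocol all -SSLv3"; do
    echo "$line => enabled: $(effective_protocols "$line")" \
         "legacy: $(legacy_protocols "$line")"
done
```
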
@smtalk, Thank you. But I am not sure if we are ready to disable TLS 1.1 for email on our shared hosting servers just yet. We are currently using
Code:
ssl_configuration=intermediate

Would it be possible for you to add a new option in options.conf like this?:
Code:
ssl_email_configuration=old/intermediate/modern

So that we would have one configuration for exim/dovecot (ssl_email_configuration), and another for apache and everything else (ssl_configuration). With a new option like that, it would be possible for us to decide ourselves when the time is right to disable TLS 1.1 in email.
 
As TLSv1.1 is going to be EOL soon, I'd suggest using /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf and /etc/exim.variables.conf.custom for any overrides.
 
How would we re-enable TLS 1.1 in /etc/exim.variables.conf.custom? Currently too many customers are failing when trying to send email.
Thank you
 