[pve-devel] [PATCH manager 3/3] fix #3789: pass disable TLS 1.2/1.3 options

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Dec 17 13:57:32 CET 2021


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 PVE/Service/pveproxy.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
index b746ebf1..f73fdd6f 100755
--- a/PVE/Service/pveproxy.pm
+++ b/PVE/Service/pveproxy.pm
@@ -131,6 +131,12 @@ sub init {
     if (defined($proxyconf->{DHPARAMS})) {
 	$self->{server_config}->{ssl}->{dh_file} = $proxyconf->{DHPARAMS};
     }
+    if (defined($proxyconf->{DISABLE_TLS_1_2})) {
+	$self->{server_config}->{ssl}->{tlsv1_2} = !$proxyconf->{DISABLE_TLS_1_2};
+    }
+    if (defined($proxyconf->{DISABLE_TLS_1_3})) {
+	$self->{server_config}->{ssl}->{tlsv1_3} = !$proxyconf->{DISABLE_TLS_1_3};
+    }
     my $custom_key_path = '/etc/pve/local/pveproxy-ssl.key';
     if (defined($proxyconf->{TLS_KEY_FILE})) {
 	$custom_key_path = $proxyconf->{TLS_KEY_FILE};
-- 
2.30.2





More information about the pve-devel mailing list