[PVE-User] Change pveproxy to tls1.2
Sten Aus
sten.aus at eenet.ee
Tue Dec 2 13:03:32 CET 2014
It's hardcoded but works perfectly (I guess until next upgrade, but anyway).
One way to disable sslv3 and support tls1.2 and 1.1 is this:
Edit file /usr/bin/pveproxy
Find the line method => "tlsv1", and comment it out.
Now "ssleay" supports all tls versions and ssl versions.
It's relatively easy to disable sslv3 by adding a line
"sslv3 => 0,"
Add it next to the line you just commented out.
And to determine what ciphers are allowed, it's easy to edit this in
/etc/default/pveproxy
Suggestion to Proxmox developers: this should be implemented in a
configuration file which automatically gets distributed to all nodes.
It's logical that I want all nodes to use the same cryptographic algorithms,
not just one.
Keep up the good work!
On 01.12.14 17:03, Sten Aus wrote:
> Hi
>
> I tried to set /usr/bin/pveproxy ssl method value to tlsv1.2 or
> tlsv12, but it did not work. How should I configure it to use TLS v 1.2,
> not TLS v 1.0?
>
> And where can I specify cipher_list for SSL to use?
>
> Thanks!
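
Added example, not part of the original post and not Proxmox code: since the edit described above is hardcoded and may not survive the next upgrade, this shell function checks whether a file still carries both changes. The patterns come from the two lines quoted in the post; the function names and the constructed sample fragments are assumptions.

```shell
#!/bin/sh
# Patterns come from the two lines quoted in the post; everything else here
# (function names, sample Perl layout) is an assumption made for the example.

# check_pveproxy_tls FILE -> 0 both edits present, 1 method still pinned to
# tlsv1, 2 no active "sslv3 => 0," line, 3 file unreadable.
check_pveproxy_tls() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    # Drop comments so a commented-out setting is not counted as active.
    # (Naive: also cuts at a '#' inside a string, fine for these two settings.)
    active=$(sed -e 's/#.*$//' "$file")
    if printf '%s\n' "$active" |
        grep -Eq "method[[:space:]]*=>[[:space:]]*[\"']tlsv1[\"']"; then
        echo "$file: method is pinned to tlsv1 (TLS 1.0 only)"
        return 1
    fi
    if ! printf '%s\n' "$active" |
        grep -Eq "sslv3[[:space:]]*=>[[:space:]]*0[[:space:]]*,"; then
        echo "$file: no active 'sslv3 => 0,' line, SSLv3 not disabled"
        return 2
    fi
    echo "$file: method pin removed and SSLv3 disabled"
    return 0
}

# Constructed sample fragments: stock (as shipped), edited (both changes made),
# half (method commented out but sslv3 line forgotten).
write_samples() {
    printf '%s\n' 'my %ssl = (' '    method => "tlsv1",' ');' > "$1/stock.pl"
    printf '%s\n' 'my %ssl = (' '    # method => "tlsv1",' '    sslv3 => 0,' ');' > "$1/edited.pl"
    printf '%s\n' 'my %ssl = (' '    # method => "tlsv1",' ');' > "$1/half.pl"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in stock edited half; do
    check_pveproxy_tls "$tmp/$f.pl" || true
done
check_pveproxy_tls "$tmp/missing.pl" || true
rm -rf "$tmp"
```

On a real node the function would be pointed at /usr/bin/pveproxy after each package upgrade; a return code of 1 means the edit was overwritten.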